CVE-2022-24759

HIGH Year: 2022
CVSS v3 Score
7.4
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-347
View all →

Vulnerability Description

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.

Related Vulnerabilities

CVE-2019-14859

HIGH
CVSS:7.4(High)

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted,...

CWE-3472019

CVE-2020-2146

HIGH
CVSS:7.4(High)

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

CWE-3472020

CVE-2021-34420

HIGH
CVSS:7.4(High)

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor insta...

CWE-3472021

CVE-2002-1706

HIGH
CVSS:7.5(High)

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) ...

CWE-3472002

CVE-2005-2181

HIGH
CVSS:7.5(High)

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such...

CWE-3472005