N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-55xh-53m6-936r

EPSS Score

CWE

CWE-347

Published

6/1/2021

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-55xh-53m6-936r

GHSA-55xh-53m6-936r: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact

This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages.

This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth and there is no impact on the integrity of decrypted plaintext.

This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In addition to these signatures, the ESDK uses AES-GCM encryption and all plaintext is verified before being released to a caller. There is no impact on the integrity of the ciphertext or decrypted plaintext, however some callers may rely on the the ECDSA signature for non-repudiation. Without validating the ECDSA signature, an actor with trusted KMS permissions to decrypt a message may also be able to encrypt messages. This update introduces a new API for callers who wish to stream only unsigned messages.

For customers who process ESDK messages from untrusted sources, this update also introduces a new configuration to limit the number of Encrypted Data Keys (EDKs) that the ESDK will attempt to process per message. This configuration provides customers with a way to limit the number of AWS KMS Decrypt API calls that the ESDK will make per message. This setting will reject messages with more EDKs than the configured limit.

Finally, this update adds early rejection of invalid messages with certain invalid combinations of algorithm suite and header data.

Patches

Fixed in versions 1.9 and 2.2. We recommend that all users upgrade to address these issues.

Customers leveraging the ESDK’s streaming features have several options to protect signature validation. One is to ensure that client code reads to the end of the stream before using released plaintext. With this release, using the new API for streaming and falling back to the non-streaming decrypt API for signed messages prevents using any plaintext from signed data before the signature is validated. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x

Users processing ESDK messages from untrusted sources should use the new maximum encrypted data keys parameter. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x

Workarounds

None

For more information

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#digital-sigs

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-55xh-53m6-936r

EPSS Score

CWE

CWE-347

Published

6/1/2021

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.amazonaws:aws-encryption-sdk-java	maven	< 1.9.0	1.9.0
com.amazonaws:aws-encryption-sdk-java	maven	>= 2.0.0, < 2.2.0	2.2.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: (1) Streaming APIs allowed access to plaintext before ECDSA signature validation, and (2) ECDSA signature verification logic failed to reject certain invalid signatures. The createDecryptingStream method is explicitly implicated in the advisory's description of the streaming vulnerability, as it enabled premature plaintext access. The decryption handler (createDecryptHandler) would logically contain the signature validation logic that improperly accepted invalid ECDSA signatures. These functions are core to the decryption flow and align with the described attack vectors (non-repudiation bypass and invalid signature acceptance). The high confidence stems from the advisory's direct mention of streaming API behavior and cryptographic validation flaws.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T*is **visory ***r*ss*s s*v*r*l LOW s*v*rity issu*s wit* str**min* si*n** m*ss***s *n* r*stri*tin* pro**ssin* o* **rt*in typ*s o* inv*li* m*ss***s. T*is up**t* ***r*ss*s *n issu* w**r* **rt*in inv*li* ***S* si*n*tur*s in*orr**tly p*ss**

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: (*) Str**min* *PIs *llow** ****ss to pl*int*xt ***or* ***S* si*n*tur* `v*li**tion`, *n* (*) ***S* si*n*tur* v*ri*i**tion lo*i* **il** to r*j**t **rt*in inv*li* si*n*tur*s. T** `*r**t****ryptin*Str**m` m*t*

N/A

Basic Information

Concerned about an active attack path?

GHSA-55xh-53m6-936r: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact

Patches

Workarounds

For more information

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI