CVE-2022-21449 - log

CVE-2022-21449 edited at 03 May 2022 20:16:33
Description
- The ECDSA signature verification from java 15 onward accecpted campletely blank signatures as valid for an arbitrary message and public key.
+ The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
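Review bot: the replacement Description line fixes "campletely" but still carries the misspelling "accecpted" and the lowercase "java". Suggest "accepted" and "Java" in the same edit so the description does not need a further revision.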
CVE-2022-21449 edited at 03 May 2022 20:16:16
Type
- Signature forgery
+ Insufficient validation
CVE-2022-21449 edited at 03 May 2022 20:16:01
Type
- Unknown
+ Signature forgery
Description
+ The ECDSA signature verification from java 15 onward accecpted campletely blank signatures as valid for an arbitrary message and public key.
CVE-2022-21449 edited at 03 May 2022 20:05:51
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Description
References
+ https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
+ https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19
Notes
CVE-2022-21449 created at 03 May 2022 19:31:22