MOABI : Continuous Software Improvement

CVE-2015-9258
Description	In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.
Impact	CVSS v3 : 7.5 HIGH CVSS v2 : 5 MEDIUM
Type	CWE-310
Attack Vector	CVSSv2 Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	https://docs.docker.com/notary/changelog/ https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf