How to run with Java 11+ (JEP 330, single-file source-code programs: no separate javac step is needed):

java CVETester.java

To create the file, run:

cat > CVETester.java

Then paste the Java code listed below and press Ctrl+D. The file CVETester.java should now have the same contents as the listing.
Then you can run:

java CVETester.java

The program prints "true" on a JDK affected by CVE-2022-21449 (Psychic Signatures) and "false" on a patched one. Per the JFrog analysis linked at the bottom, the affected releases are Java 15 through 18 before the April 2022 updates; Java 11 is only the minimum needed to launch the single-file program this way, not the first vulnerable version.
import java.security.*;

public class CVETester {
    public static void main(String... args) throws Exception {
        // Any EC key pair works; the default curve is P-256, whose P1363 signature is r || s = 32 + 32 bytes.
        var keys = KeyPairGenerator.getInstance("EC").generateKeyPair();
        // An all-zero signature encodes r = 0 and s = 0. A correct verifier must reject it,
        // because r and s have to lie in [1, n-1]; a vulnerable JDK accepts it for any message and key.
        var blankSignature = new byte[64];
        var sig = Signature.getInstance("SHA256WithECDSAInP1363Format");
        sig.initVerify(keys.getPublic());
        sig.update("Some random text to be signed".getBytes());
        boolean result;
        try {
            result = sig.verify(blankSignature);
        } catch (SignatureException e) {
            // A patched JDK may reject the malformed signature by throwing instead of returning false.
            result = false;
        }
        System.out.println("Java is vulnerable for Psychic Signatures bug [CVE-2022-21449]: " + result);
    }
}
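As an added example (not part of the original gist or of the JFrog write-up), the same check extended to all three NIST prime curves and to both signature encodings the JDK accepts: the fixed-width IEEE P1363 form used above, and the DER form that plain "SHA256withECDSA" parses. The curve list with its P1363 signature lengths, the hand-built DER sequence for r = s = 0 and the exit-code convention are assumptions of this example. It runs the same way as the tester above: java PsychicSignatureCheck.java

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class PsychicSignatureCheck {

    // Constructed for this example: curve name and the byte length of an all-zero
    // P1363 signature (r || s, each padded to the curve's field size: 32, 48 and 66 bytes).
    static final String[][] CURVES = {
        {"secp256r1", "64"},
        {"secp384r1", "96"},
        {"secp521r1", "132"},
    };

    // r = s = 0 in DER form: SEQUENCE { INTEGER 0, INTEGER 0 } (assumed encoding for this example).
    static final byte[] DER_ZERO_SIG = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00 };

    // Returns true only if the JDK accepts the given signature, i.e. if it is vulnerable.
    static boolean accepts(String algorithm, PublicKey pub, byte[] signature)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance(algorithm);
        sig.initVerify(pub);
        sig.update("Some random text to be signed".getBytes(StandardCharsets.UTF_8));
        try {
            return sig.verify(signature);
        } catch (SignatureException e) {
            // A patched JDK may reject r = 0 / s = 0 by throwing rather than returning false.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        boolean vulnerable = false;
        for (String[] curve : CURVES) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve[0]));
            PublicKey pub = kpg.generateKeyPair().getPublic();

            byte[] p1363ZeroSig = new byte[Integer.parseInt(curve[1])];

            boolean p1363 = accepts("SHA256withECDSAinP1363Format", pub, p1363ZeroSig);
            boolean der = accepts("SHA256withECDSA", pub, DER_ZERO_SIG);
            System.out.printf("%-10s  P1363 zero signature accepted: %-5b  DER zero signature accepted: %b%n",
                    curve[0], p1363, der);
            vulnerable |= p1363 || der;
        }
        System.out.println("Java is vulnerable to Psychic Signatures [CVE-2022-21449]: " + vulnerable);
        // Non-zero exit when vulnerable, so the check can gate a CI job or an image scan.
        System.exit(vulnerable ? 1 : 0);
    }
}
```

Every line should read "false" on a patched JDK; any "true" means the runtime will accept a forged signature for any message under any key on that curve, so anything that trusts ECDSA signatures on it (JWTs, SAML, TLS client certificates, signed JARs) is affected.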
Thanks JFROG! https://jfrog.com/blog/cve-2022-21449-psychic-signatures-analyzing-the-new-java-crypto-vulnerability/