Hacker News new | past | comments | ask | show | jobs | submit login

The issues are not due to C but rather failing to verify the PKCS#1v1.5 format. For example, skip verifying the padding or metadata, etc. This allows to insert garbage data in the signatures which leads to successful signature forging.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact