2. Incorrect PKCS#1 v1.5 Padding Verification for RSA Signature Check
The implementation of RSA signature verification was vulnerable to a Bleichenbacher RSA signature forgery attack when keys with a small public exponent were used.
Reported by the Advanced Threat Research team at Intel Security.