44 matches found
CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
browserify-sign Data Forgery Issue Vulnerability
browserify-sign is a package for replicating the node encryption public key function. A security vulnerability exists in browserify-sign, which stems from a faulty ceiling check in the dsaVerify function that allows an attacker to successfully verify a signature with any public key, leading to a...
PT-2023-9034 · Unknown +5 · Browserify-Sign +5
Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...