Lucene search
K

44 matches found

OSV
OSV
added 2023/10/26 2:31 p.m.29 views

CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

6.5CVSS7.1AI score0.00508EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/10/26 12:0 a.m.97 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.8AI score0.00508EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.5 views

browserify-sign Data Forgery Issue Vulnerability

browserify-sign is a package for replicating the node encryption public key function. A security vulnerability exists in browserify-sign, which stems from a faulty ceiling check in the dsaVerify function that allows an attacker to successfully verify a signature with any public key, leading to a...

7.5CVSS8.6AI score0.00508EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.12 views

PT-2023-9034 · Unknown +5 · Browserify-Sign +5

Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...

10CVSS7.1AI score0.05213EPSS
Exploits10References69
Rows per page
Query Builder