6 matches found
@runspace/ataraxia-auth (=0.0.0), @runspace/cli (>=0.1.6 <=0.1.8) +19 more potentially affected by unknown CVE via @stablelib/cbor (>=1.0.1 <=1.0.2)
@stablelib/cbor NPM version =1.0.1, =0.1.6, =0.1.3, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.8.0, =0.9.0, =0.9.0, =0.8.0, =0.8.0, =0.8.0, =0.11.0, =0.11.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5JG4-P4QW-CGFR...
GHSA-5JG4-P4QW-CGFR @stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
Summary @stablelib/cbor decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with RangeError: Maximum call stack size exceeded. Details The decoder processes arrays, maps, and...
@runspace/ataraxia-auth (=0.0.0), @runspace/cli (>=0.1.6 <=0.1.8) +19 more potentially affected by unknown CVE via @stablelib/cbor (>=1.0.1 <=1.0.2)
@stablelib/cbor NPM version =1.0.1, =0.1.6, =0.1.3, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.8.0, =0.9.0, =0.9.0, =0.8.0, =0.8.0, =0.8.0, =0.11.0, =0.11.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W48F-FWG7-WW6P...
3box-orbitdb-plugins (>=2.0.0 <=2.1.2), 3id-connect (>=0.1.0 <=1.0.0-beta.15) +2280 more potentially affected by unknown CVE via @stablelib/ed25519 (>=0.7.2 <=1.0.3)
@stablelib/ed25519 NPM version =0.7.2, =2.0.0, =0.1.0, =1.0.0-alpha.6, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.21, =1.0.42, =0.0.1, =0.1.0, =1.0.0, =1.10.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X3FF-W252-2G7J...
Improper Verification of Cryptographic Signature
Overview @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message without access to the private key by...
GHSA-X3FF-W252-2G7J StableLib Ed25519 Signature Malleability via Missing S < L Check
Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...