EUVD-2023-2835

Malicious code in bioql PyPI...

USN-6800-1 node-browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

Improper Verification Of Cryptographic Signature

browserify-sign is vulnerable to Improper Verification Of Cryptographic Signature. An upper bound check issue in DSA verification allows an attacker to construct signatures that can be successfully verified by any public key, which leads to a signature forgery attack. The attacker could exploit...

PT-2023-9034 · Unknown +5 · Browserify-Sign +5

Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...