345 matches found
Debian DSA-5539-1 : node-browserify-sign - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5539 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. ...
Debian: Security Advisory (DSA-5539-1)
The remote host is missing an update for the Debian...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update
An update is now available for Red Hat OpenShift distributed tracing 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Debian: Security Advisory (DLA-3635-1)
The remote host is missing an update for the Debian...
DSA-5539-1 node-browserify-sign - security update
Bulletin has no description...
[SECURITY] [DLA 3635-1] node-browserify-sign security update
Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS...
Debian dla-3635 : node-browserify-sign - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3635 advisory. Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/...
DLA-3635-1 node-browserify-sign - security update
Bulletin has no description...
Improper Verification Of Cryptographic Signature
browserify-sign is vulnerable to Improper Verification Of Cryptographic Signature. An upper bound check issue in DSA verification allows an attacker to construct signatures that can be successfully verified by any public key, which leads to a signature forgery attack. The attacker could exploit...
CVE-2023-46234
A flaw was found in the browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment. Mitigation: No current mitigation is yet available for this flaw...
@affinidi/common-check-widget (=1.5.1), @deep-foundation/deepcase-app (>=0.1.0-beta.20 <=0.1.0-beta.41) +30 more potentially affected by CVE-2023-46234 via browserify-sign (>=2.6.0 <=4.0.4)
browserify-sign NPM version =2.6.0, =0.1.0-beta.20, =1.4.811, =1.1.3, =1.1.1, =1.3.0-15, =3.3.0, =0.1.1, =3.7.0, =0.0.1, =0.0.8 and more Source cves: CVE-2023-46234 Source advisory: OSV:GHSA-X9W5-V3Q2-3RHW...
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Summary: An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. Details: In dsaVerify function, it checks whether the value of the signature is legal by calling...
GHSA-X9W5-V3Q2-3RHW browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Summary: An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. Details: In dsaVerify function, it checks whether the value of the signature is legal by calling...
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
DEBIAN-CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
Out-of-bounds
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
UBUNTU-CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
CVE-2023-46234
CVE-2023-46234 affects the node-browserify-sign package used to provide browser-crypto signing functionality. The root cause is an upper bound check issue in the dsaVerify function, which allows an attacker to construct signatures that can be verified by any public key, enabling a signature forge...
CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...