Astra Linux - уязвимость в node-cipher-base

There is a vulnerability in improper input validation in the cipher-base module, which allows for manipulation of input data. This issue affects cipher-base version 1.0.4...

Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16503)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16503 advisory. - Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue...

Security Bulletin: Vulnerability in cipher-base affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in cipher-base has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Improper Input Validation

cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : cipher-base vulnerability (USN-7746-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7746-1 advisory. Nikita Skovoroda discovered that cipher-base did not properly manage certain inputs. An attacker could possibly use th...

Ubuntu: Security Advisory (USN-7746-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7746-1: cipher-base vulnerability

Nikita Skovoroda discovered that cipher-base did not properly manage certain inputs. An attacker could possibly use this issue to manipulate the internal state of hash functions, resulting in hash collisions, denial of service, or other unspecified impact...

USN-7746-1 node-cipher-base vulnerability

Nikita Skovoroda discovered that cipher-base did not properly manage certain inputs. An attacker could possibly use this issue to manipulate the internal state of hash functions, resulting in hash collisions, denial of service, or other unspecified impact...

Debian dla-4291 : node-cipher-base - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4291 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4291-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DLA-4291-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4291-1 node-cipher-base - security update

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2025-9287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. CVE-2025-9287 Note that...

Debian: Security Advisory (DSA-5986-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5986-1] node-cipher-base security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5986-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 26, 2025 https://www.debian.org/security/faq -...

DSA-5986-1 node-cipher-base - security update

Bulletin has no description...

Debian dsa-5986 : node-cipher-base - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-5986 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5986-1 [email protected] https://www.debian.org/security/...

SUSE CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

cipher-base is missing type checks, leading to hash rewind and passing on crafted data

Summary This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package Also affects create-hmac and other packages Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...

CVE-2025-9287

An improper input validation vulnerability was found in the cipher-base npm package. Missing input type checks in the polyfill of the Node.js createHash function result in invalid value calculations, hanging and rewinding the hash state, including turning a tagged hash into an untagged hash, for...

@5ht/express (>=1.0.6 <=2.2.0), @audius/sdk (>=0.0.3 <=7.1.1) +7 more potentially affected by CVE-2025-9287 via cipher-base (=1.0.4)

cipher-base NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on cipher-base and may be impacted: - @5ht/express =1.0.6, =0.0.3, =6.0.4, =1.0.1, =1.5.2-beta.1, =1.0.0, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.11 Source cves: CVE-2025-9287 Sourc...