Missing type checks leading to hash rewind and passing on crafted data

...

GHSA-95M3-7Q98-8XR5 sha.js is missing type checks leading to hash rewind and passing on crafted data

Summary This is the same as GHSA-cpq7-6gpm-g9rc but just for sha.js, as it has its own implementation. Missing input type checks can allow types other than a well-formed Buffer or string, resulting in invalid values, hanging and rewinding the hash state including turning a tagged hash into an...

sha.js is missing type checks leading to hash rewind and passing on crafted data

Summary This is the same as GHSA-cpq7-6gpm-g9rc but just for sha.js, as it has its own implementation. Missing input type checks can allow types other than a well-formed Buffer or string, resulting in invalid values, hanging and rewinding the hash state including turning a tagged hash into an...

cipher-base is missing type checks, leading to hash rewind and passing on crafted data

Summary This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package Also affects create-hmac and other packages Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...

GHSA-CPQ7-6GPM-G9RC cipher-base is missing type checks, leading to hash rewind and passing on crafted data

Summary This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package Also affects create-hmac and other packages Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...

Function Call With Incorrect Argument Type

Overview Affected versions of this package are vulnerable to Function Call With Incorrect Argument Type due to missing type checks in the update function in the hash.js file. An attacker can manipulate input data by supplying crafted data that causes a hash rewind and unintended data processing...

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...