14 matches found
EUVD-2023-44635
Malicious code in bioql PyPI...
CVE-2023-40012
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...
CVE-2023-39969
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...
Design/Logic Flaw
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...
CVE-2023-39969 uthenticode signature validation bypass vulnerability
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...
CVE-2023-39969 uthenticode signature validation bypass vulnerability
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code...
CVE-2023-39969
CVE-2023-39969 affects uthenticode, a cross-platform library for partial Authenticode verification. In version 1.0.9, the library hashed the entire file instead of hashing sections by virtual address, violating the Authenticode spec and enabling an attacker to modify binary code without altering ...
CVE-2023-40012 uthenticode EKU validation bypass
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...
CVE-2023-40012 uthenticode EKU validation bypass
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...
CVE-2023-40012
The CVE concerns uthenticode, a cross‑platform library used to partially verify Authenticode signatures. The root cause is that versions prior to the 2.x series did not check Extended Key Usages (EKU) in certificates, allowing a maliciously issued certificate (e.g., SSL) to produce a “signed” PE ...
CVE-2023-40012 uthenticode EKU validation bypass
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...
PT-2023-27181 · Unknown · Uthenticode
Name of the Vulnerable Software and Affected Versions: uthenticode version 1.0.9
Description: uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address,...
uthenticode Data Forgery Issue Vulnerability
uthenticode is a small open-source cross-platform library from Trail of Bits, used to partially verify Authenticode digital signatures. A data forgery vulnerability exists in uthenticode version 1.0.9 that allows an attacker to modify code in a binary file...
PT-2023-27207 · Unknown · Uthenticode
Name of the Vulnerable Software and Affected Versions: uthenticode versions prior to 2.x
Description: The issue concerns uthenticode, a library for partially verifying Authenticode digital signatures. It does not check Extended Key Usages in certificates, which is against the Authenticode X.509...