2 matches found
CVE-2023-39969
CVE-2023-39969 affects uthenticode, a cross-platform library for partial Authenticode verification. In version 1.0.9, the library hashed the entire file instead of hashing sections by virtual address, violating the Authenticode spec and enabling an attacker to modify binary code without altering ...
CVE-2023-40012
The CVE concerns uthenticode, a cross‑platform library used to partially verify Authenticode signatures. The root cause is that versions prior to the 2.x series did not check Extended Key Usages (EKU) in certificates, allowing a maliciously issued certificate (e.g., SSL) to produce a “signed” PE ...