exploitDog

CVE-2025-6545

Published: 23 Jun 2025
Source: debian

Description

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-pbkdf2 | unfixed | | | package |
| node-pbkdf2 | no-dsa | | bookworm | package |
| node-pbkdf2 | postponed | | bullseye | package |

Notes

  • https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6

  • Introduced by: https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 (v3.0.10)

  • Fixed by: https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (v3.1.3)

Related vulnerabilities

ubuntu
25 days ago

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

CVSS3: 8.1
redhat
25 days ago

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

nvd
25 days ago

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

github
25 days ago

pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

CVSS3: 10
fstec
26 days ago

Vulnerability in the pbkdf2 library of the Node.js software platform, related to flaws in the input validation mechanism, allowing an attacker to forge a digital signature