Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-46234

Опубликовано: 26 окт. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

4.2.2-1
esm-apps/bionic

released

4.0.4-2ubuntu0.18.04.1~esm1
esm-apps/focal

released

4.0.4-2ubuntu0.20.04.1
esm-apps/jammy

released

4.2.1-2ubuntu0.1
esm-apps/noble

not-affected

4.2.2-1
focal

released

4.0.4-2ubuntu0.20.04.1
jammy

released

4.2.1-2ubuntu0.1
lunar

ignored

end of life, was needs-triage
mantic

released

4.2.1-3ubuntu0.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 57%
0.00353
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-46234

CVSS3: 7.5
redhat
больше 1 года назад

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

nvd логотип

CVE-2023-46234

CVSS3: 6.5
nvd
больше 1 года назад

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

msrc логотип

CVE-2023-46234

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-46234

CVSS3: 6.5
debian
больше 1 года назад

browserify-sign is a package to duplicate the functionality of node's ...

github логотип

GHSA-x9w5-v3q2-3rhw

CVSS3: 7.5
github
больше 1 года назад

browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

EPSS

Процентиль: 57%
0.00353
Низкий

6.5 Medium

CVSS3