7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
24.9%
An upper bound check issue in dsaVerify
function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
In dsaVerify
function, it checks whether the value of the signature is legal by calling function checkValue
, namely, whether r
and s
are both in the interval [1, q - 1]
. However, the second line of the checkValue
function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q)
can only be 0
, 1
and -1
, and it can never be greater than q
.
In this way, although the values of s
cannot be 0
, an attacker can achieve the same effect as zero by setting its value to q
, and then send (r, s) = (1, q)
to pass the verification of any public key.
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.
Since the temporary private fork was deleted, here’s a webarchive of the PR discussion and diff pages: PR webarchive.zip
CPE | Name | Operator | Version |
---|---|---|---|
browserify-sign | ge | 2.6.0 | |
browserify-sign | le | 4.2.1 |
github.com/advisories/GHSA-x9w5-v3q2-3rhw
github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30
github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
lists.debian.org/debian-lts-announce/2023/10/msg00040.html
lists.fedoraproject.org/archives/list/[email protected]/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
lists.fedoraproject.org/archives/list/[email protected]/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
nvd.nist.gov/vuln/detail/CVE-2023-46234
www.debian.org/security/2023/dsa-5539