Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Summary
An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
Details
In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.
In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.
Impact
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.
Fix PR:
Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip
Permalink: https://github.com/advisories/GHSA-x9w5-v3q2-3rhwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 9 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00109
EPSS Percentile: 0.45464
Identifiers: GHSA-x9w5-v3q2-3rhw, CVE-2023-46234
References:
- https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
- https://nvd.nist.gov/vuln/detail/CVE-2023-46234
- https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30
- https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ
- https://www.debian.org/security/2023/dsa-5539
- https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
Blast Radius: 43.6
Affected Packages
npm:browserify-sign
Dependent packages: 388Dependent repositories: 644,820
Downloads: 40,933,444 last month
Affected Version Ranges: >= 2.6.0, <= 4.2.1
Fixed in: 4.2.2
All affected versions: 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.8.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.8, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.2.0, 4.2.1
All unaffected versions: 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.5.2, 4.2.2, 4.2.3