2246470 – (CVE-2023-46234) CVE-2023-46234 browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack

Bug 2246470 (CVE-2023-46234) - CVE-2023-46234 browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack

Summary: CVE-2023-46234 browserify-sign: upper bound check issue in dsaVerify leads to...

Keywords:
Status:	NEW
Alias:	CVE-2023-46234
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2246472 2246628 2246630 2246471 2246474 2246475 2246476 2246629 2246631 2246632 2246633
Blocks:	2246478
TreeView+	depends on / blocked

Reported:	2023-10-27 05:34 UTC by TEJ RATHI
Modified:	2024-02-16 18:40 UTC (History)
CC List:	102 users (show)
Fixed In Version:	browserify-sign 4.2.2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:6180	0	None	None	None	2023-10-30 12:53:57 UTC

Description TEJ RATHI 2023-10-27 05:34:50 UTC

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30

Comment 6 Patrick Del Bello 2023-10-27 17:43:26 UTC

Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-all [bug 2246628]


Created mozjs78 tracking bugs for this issue:

Affects: fedora-all [bug 2246631]


Created seamonkey tracking bugs for this issue:

Affects: epel-all [bug 2246629]
Affects: fedora-all [bug 2246632]


Created yarnpkg tracking bugs for this issue:

Affects: epel-all [bug 2246630]
Affects: fedora-all [bug 2246633]

Comment 8 errata-xmlrpc 2023-10-30 12:53:51 UTC

This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 2.9

Via RHSA-2023:6180 https://access.redhat.com/errata/RHSA-2023:6180

Note You need to log in before you can comment on or make changes to this bug.

aileenc
amasferr
amctagga
asoldano
aveerama
bbaranow
bbuckingham
bcourt
bdettelb
bmaxwell
brian.stansberry
caswilli
cdewolf
chazlett
cmiranda
darran.lofthouse
davidn
dfreiber
dhanak
dkreling
dosoudil
dsimansk
ehelms
epacific
eric.wittmann
fjuma
gmalinko
gparvin
hkataria
ibek
ivassile
iweiss
janstey
jburrell
jcammara
jcantril
jchui
jhardy
jkoehler
jneedle
jobarker
jrokos
jshaughn
jsherril
jwendell
jweng
kaycoth
kshier
ktsao
kverlaen
lball
lgao
lzap
mabashia
matzew
mhulan
mkudlej
mnovotny
mosmerov
msochure
mstefank
msvehla
mwringe
nbecker
nboldt
njean
nmoumoul
nwallace
orabin
osapryki
owatkins
pahickey
pantinor
pcongius
pcreech
pdelbell
peholase
periklis
pjindal
pmackay
rcernich
rchan
rgarg
rguimara
rhaigner
rhuss
rogbas
rstancel
sdawley
shbose
simaishi
skontopo
smaestri
smcdonal
teagle
tjochec
tom.jenkinson
twalsh
ubhargav
vkumar
yguenane
zsadeh