CVE-2023-46234 | MEDIUM | CVSS 6.5 | fixed in node-browserify-sign 4.2.1-3+deb12u1 (bookworm) | 2023
CVE-2023-46234 [MEDIUM]: node-browserify-sign
browserify-sign is a package that duplicates the functionality of node's crypto public key functions; much of it is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in the `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
debian
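
The kind of bound check the description refers to, as an added example (not browserify-sign's code): standard DSA verification requires 0 < r < q and 0 < s < q, and this verifier rejects anything outside that range before doing any arithmetic. The toy domain parameters, the pre-reduced integer digest, and the names `dsaVerifyStrict`, `dsaSignDemo`, `inRange`, `modPow` and `modInv` are assumptions of this example.

```javascript
// Added illustration, not browserify-sign code. Toy DSA domain parameters
// (constructed, far too small for real use): q divides p - 1, g has order q.
const P = 23n, Q = 11n, G = 4n;

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Inverse modulo a prime via Fermat's little theorem.
function modInv(a, prime) {
  return modPow(a, prime - 2n, prime);
}

// Both bounds must hold: 0 < v < q. Checking only one side is not enough.
function inRange(v, q) {
  return typeof v === 'bigint' && v > 0n && v < q;
}

// digest: message hash already reduced to a BigInt (assumption of this sketch).
// y: signer's public key. Returns true only for an in-range, valid signature.
function dsaVerifyStrict(digest, r, s, y) {
  if (!inRange(r, Q) || !inRange(s, Q)) return false; // reject before any math
  const w = modInv(s, Q);
  const u1 = (digest * w) % Q;
  const u2 = (r * w) % Q;
  const v = ((modPow(G, u1, P) * modPow(y, u2, P)) % P) % Q;
  return v === r;
}

// Signing side, only to build a constructed test vector (fixed k: demo only).
function dsaSignDemo(digest, x, k) {
  const r = modPow(G, k, P) % Q;
  const s = (modInv(k, Q) * (digest + x * r)) % Q;
  return { r, s };
}
```

A regression test for a verifier should include out-of-range `r` and `s` values alongside valid and tampered signatures, since a broken bound check passes every ordinary positive test.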