GHSA-x9w5-v3q2-3rhw

Suggest an improvement
Source
https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-x9w5-v3q2-3rhw/GHSA-x9w5-v3q2-3rhw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x9w5-v3q2-3rhw
Aliases
Published
2023-10-26T20:53:21Z
Modified
2024-02-28T03:30:30Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Details

Summary

An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.

Details

In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.

In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.

Impact

All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.

Fix PR:

Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip

References

Affected packages

npm / browserify-sign

Package

Affected ranges

Type
SEMVER
Events
Introduced
2.6.0
Fixed
4.2.2

Ecosystem specific

{
    "affected_functions": [
        "(browserify-sign).Verify"
    ]
}

Database specific

{
    "last_known_affected_version_range": "<= 4.2.1"
}