CVE-2023-46234
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Description
### Summary An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. ### Details In `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. In this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key. ### Impact All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. ### Fix PR: Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: [PR webarchive.zip](https://github.com/browserify/browserify-sign/files/13172957/PR.webarchive.zip)
How to fix CVE-2023-46234
To remediate CVE-2023-46234, upgrade the affected package to a fixed version below.
- —upgrade to 4.2.1-1+deb11u1 or later
- —upgrade to 4.0.4-2+deb10u1 or later
- —upgrade to 4.2.1-1+deb11u1 or later
- —upgrade to 4.2.2 or later
Is CVE-2023-46234 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.