CVE-2024-49365
tiny-secp256k1 allows for verify() bypass when running in bundled environment
描述
### Summary A malicious JSON-stringifyable message can be made passing on `verify()`, when global Buffer is [`buffer` package](https://www.npmjs.com/package/buffer) ### Details This affects only environments where `require('buffer')` is <https://npmjs.com/buffer> E.g.: browser bundles, React Native apps, etc. `Buffer.isBuffer` check can be bypassed, resulting in strange objects being accepted as `message`, and those messages could trick `verify()` into returning false-positive `true` values v2.x is unaffected as it verifies input to be an actual `Uint8Array` instance Such a message can be constructed for any already known message/signature pair There are some restrictions though (also depending on the known message/signature), but not very limiting, see PoC for example https://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this ### PoC This code deliberately doesn't provide `reencode` for now, could be updated later ```js import { randomBytes } from 'crypto' import tiny from 'tiny-secp256k1' // 1.1.6 // Random keypair const privateKey = randomBytes(32) const publicKey = tiny.pointFromScalar(privateKey) const valid = Buffer.alloc(32).fill(255) // let's sign a static buffer const signature = tiny.sign(valid, privateKey) // Prevent processing any unverified data by fail-closed throwing function verified(data, signature) { if (!Buffer.isBuffer(data)) data = Buffer.from(data, 'hex') if (!tiny.verify(data, publicKey, signature)) throw new Error('Signature invalid!') return new Uint8Array(data) } function safeProcess(payload) { const totally = JSON.parse(payload) // e.g. json over network const message = verified(totally, signature) console.log(message instanceof Uint8Array) console.log(Buffer.from(message).toString('utf8')) } const payload = reencode(valid, "Secure contain protect") safeProcess(payload) ``` Output (after being bundled): ```console true Secure contain protect���� ``` ### Impact Malicious messages could crafted to be verified from a given known valid message/signature pair
如何修補 CVE-2024-49365
要修補 CVE-2024-49365,請將受影響套件升級到下列已修補版本。
- —升級至 1.1.7 或更新版本
CVE-2024-49365 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。