CNNVD-202506-2936 Information

CNNVD ID

CNNVD-202506-2936

Related CVE

CVE-2025-6547

• CNNVD Published: 2025-06-23

Description (Chinese)

Browserify pbkdf2是Browserify开源的一个哈希算法软件 Browserify pbkdf2 3.1.2及之前版本存在安全漏洞，该漏洞源于输入验证不当导致签名欺骗。

Description (English)

Brownserifiy pbkdf2 is a Hashi algorithm from Brownserifi. Brownserify pbkdf2 3.1.2 and previous versions had a security loophole, which stemmed from the signature fraud caused by input error.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Browserify

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb https://access.redhat.com/security/cve/cve-2025-6547 https://vigilance.fr/vulnerability/pbkdf2-weak-signature-via-Signature-Spoofing-47599

Patch

https://github.com/browserify/pbkdf2/releases/tag/v3.1.3