Untriaged
pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
References
Affected products
pbkdf2
- =<3.1.2
Matching in nixpkgs
pkgs.fastpbkdf2
Fast PBKDF2-HMAC-{SHA1,SHA256,SHA512} implementation in C
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python312Packages.pbkdf2
None
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
pkgs.python313Packages.pbkdf2
None
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
pkgs.python312Packages.fastpbkdf2
Python bindings for fastpbkdf2
-
nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2
pkgs.python313Packages.fastpbkdf2
Python bindings for fastpbkdf2
-
nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2
pkgs.chickenPackages_5.chickenEggs.pbkdf2
Password-Based Key Derivation Function as defined in RFC2898
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
Package maintainers
-
@ledif Adam Fidel <refuse@gmail.com>
-
@jqueiroz Jonathan Queiroz <nixos@johnjq.com>