Suggestions search

Untriaged

Filter by:

With package: python312Packages.pbkdf2

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2025-6547

created 6 months ago

On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

References

https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 third-party-advisory
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdd… patch
https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 third-party-advisory
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdd… patch

Affected products

pbkdf2

==>= 1 <=3.1.2
==<=3.1.2

Matching in nixpkgs

pkgs.fastpbkdf2

Fast PBKDF2-HMAC-{SHA1,SHA256,SHA512} implementation in C

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python312Packages.pbkdf2

None

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

pkgs.python313Packages.pbkdf2

None

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

pkgs.python312Packages.fastpbkdf2

Python bindings for fastpbkdf2

nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2

pkgs.python313Packages.fastpbkdf2

Python bindings for fastpbkdf2

nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2

pkgs.chickenPackages_5.chickenEggs.pbkdf2

Password-Based Key Derivation Function as defined in RFC2898

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

Package maintainers

@ledif Adam Fidel <refuse@gmail.com>
@jqueiroz Jonathan Queiroz <nixos@johnjq.com>

Permalink CVE-2025-6545

created 6 months ago

pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

References

https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6 third-party-advisory
https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7… x_introduced-by
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdd… patch

Affected products

pbkdf2

=<3.1.2

Matching in nixpkgs

pkgs.fastpbkdf2

Fast PBKDF2-HMAC-{SHA1,SHA256,SHA512} implementation in C

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python312Packages.pbkdf2

None

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

pkgs.python313Packages.pbkdf2

None

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

pkgs.python312Packages.fastpbkdf2

Python bindings for fastpbkdf2

nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2

pkgs.python313Packages.fastpbkdf2

Python bindings for fastpbkdf2

nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2

pkgs.chickenPackages_5.chickenEggs.pbkdf2

Password-Based Key Derivation Function as defined in RFC2898

nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3

Package maintainers

@ledif Adam Fidel <refuse@gmail.com>
@jqueiroz Jonathan Queiroz <nixos@johnjq.com>