VYPR

uthenticode

by Trailofbits

CVEs (2)

  • CVE-2023-39969Aug 9, 2023
    risk 0.00cvss epss 0.00

    uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker…

  • CVE-2023-40012Aug 9, 2023
    risk 0.00cvss epss 0.00

    uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a…