Lucene search
GoogleOSV:GHSA-49Q7-C7J4-3P7MHistoryAug 02, 2024 - 9:31 a.m.
Elliptic allows BER-encoded signatures
2024-08-0209:31:35
Google
osv.dev
43
elliptic
node.js
ecdsa
signature
malleability
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
39.6%
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
Related
debiancve
debiancve
CVE-2024-42461
2024-08-02 07:16:10
cbl_mariner
cbl_mariner
CVE-2024-42461 affecting package reaper for versions less than 3.1.1-11
2024-09-03 11:12:01
github
github
Elliptic allows BER-encoded signatures
2024-08-02 09:31:35
redhatcve
redhatcve
CVE-2024-42461
2024-08-06 16:20:33
veracode
veracode
ECDSA Signature Malleability
2024-08-06 10:41:32
osv
osv
CVE-2024-42461
2024-08-02 07:16:10
nvd
nvd
CVE-2024-42461
2024-08-02 07:16:10
vulnrichment
vulnrichment
CVE-2024-42461
2024-08-02 00:00:00
cvelist
cvelist
CVE-2024-42461
2024-08-02 00:00:00
ubuntucve
ubuntucve
CVE-2024-42461
2024-08-02 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: reaper (CVE-2024-42461)
2024-09-12 00:00:00
cve
cve
CVE-2024-42461
2024-08-02 07:16:10
ibm
ibm
redhat
redhat
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
39.6%
Related for OSV:GHSA-49Q7-C7J4-3P7M