Astra Linux - уязвимость в node-elliptic

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures when the hash contains at least four leading 0 bytes, and when the order of the elliptic curve’s base point is smaller than the hash, due to an truncateToN anomaly. This results in vali...

GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

SUSE CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

UBUNTU-CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

PT-2024-33289 · Node.Js +2 · Elliptic +2

Name of the Vulnerable Software and Affected Versions: Elliptic versions prior to 6.6.0 Description: The Elliptic package for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic...

GHSA-49Q7-C7J4-3P7M Elliptic allows BER-encoded signatures

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

UBUNTU-CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

GHSA-VH7M-P724-62C2 Signature Malleabillity in elliptic

The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

DEBIAN-CVE-2020-13822

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

PT-2020-13705 · Elliptic · Elliptic

Name of the Vulnerable Software and Affected Versions: Elliptic package versions prior to 6.5.3 Description: The issue allows ECDSA signature malleability via variations in encoding, leading '0' bytes, or integer overflows. This could have a security-relevant impact if an application relied on a...