99 matches found
Astra Linux - уязвимость в node-elliptic
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures when the hash contains at least four leading 0 bytes, and when the order of the elliptic curve’s base point is smaller than the hash, due to an truncateToN anomaly. This results in vali...
Linux Distros Unpatched Vulnerability : CVE-2025-14505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979...
GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
UBUNTU-CVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-14505 Elliptic Cryptanalysis vulnerability when `k` has leading zeros
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
EUVD-2020-0571
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-28498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm th...
Linux Distros Unpatched Vulnerability : CVE-2020-13822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in elliptic-6.5.4.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of elliptic-6.5.4.tgz Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz Publicly disclosed vulnerability found by Mend. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic...
Security Bulletin: Vulnerability in Elliptic package 6.5.7 for Node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Elliptic package 6.5.7 for Node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for addition...
Linux Distros Unpatched Vulnerability : CVE-2024-48948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0...
Linux Distros Unpatched Vulnerability : CVE-2024-42460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
Linux Distros Unpatched Vulnerability : CVE-2024-42461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. CVE-2024-42461 Note that Nessus relie...
Linux Distros Unpatched Vulnerability : CVE-2024-42459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can...
Information Exposure
Overview org.webjars.npm:elliptic is a Fast elliptic-curve cryptography in a plain javascript implementation. Affected versions of this package are vulnerable to Information Exposure due to the sign function which allows an attacker to extract the private key from an ECDSA signature by signing a...
SUSE CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
SUSE CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
elliptic: Missing Validation in Elliptic's EDDSA Signature Verification
A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...