12 matches found
Use of a Cryptographic Primitive with a Risky Implementation
Overview: elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the incorrect computation of the byte-length of k value with leading zeros resulting ...
org.webjars.npm:bitcore-lib (=0.15.0), org.webjars.npm:bitcore-mnemonic (=1.5.0) +3 more potentially affected by unknown CVE via org.webjars.npm:elliptic (>=6.4.0 <=6.5.4)
org.webjars.npm:elliptic MAVEN version =6.4.0, =6.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:elliptic and may be impacted: - org.webjars.npm:bitcore-lib =0.15.0 - org.webjars.npm:bitcore-mnemonic =1.5.0 - org.webjars.npm:eccryp...
0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +9114 more potentially affected by CVE-2024-48948 via elliptic (>=0.10.2 <=6.5.7)
elliptic NPM version =0.10.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-48948 Source advisory: OSV:GHSA-FC9H-WHQ2-V747...
SUSE CVE-2024-48949
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation...
0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8846 more potentially affected by CVE-2024-48949 via elliptic (>=0.10.2 <=6.5.5)
elliptic NPM version =0.10.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-48949 Source advisory: OSV:GHSA-434G-2637-QMQR...
0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8800 more potentially affected by CVE-2024-42460 via elliptic (>=2.0.2 <=6.5.6)
elliptic NPM version =2.0.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-42460 Source advisory: OSV:GHSA-977X-G7H5-7QGW...
0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8118 more potentially affected by CVE-2024-42461 via elliptic (>=5.2.1 <=6.5.6)
elliptic NPM version =5.2.1, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =13.6.1, =13.7.2 and more Source cves: CVE-2024-42461 Source advisory: OSV:GHSA-49Q7-C7J4-3P7M...
Uncaught Exception
Overview: std/crypto/elliptic is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: via the P256.ScalarMult or P256.ScalarBaseMult functions when provided with a crafted scalar input longer than 32 byte...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-1901)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb...
3dcore-lib (=0.17.9), 42-cli (>=1.0.0 <=1.0.4) +2737 more potentially affected by CVE-2020-28498 via elliptic (>=0.10.2 <=6.5.3)
elliptic NPM version =0.10.2, =1.0.0, =1.0.0, =0.1.0, =0.0.0-alpha8, =2.0.0, =2.0.0, =1.0.0, =1.5.1, =2.0.0, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =2.1.1 and more Source cves: CVE-2020-28498 Source advisory: OSV:GHSA-R9P9-MRJM-926W...
3dcore-lib (=0.17.9), @0xcert/client (>=1.0.0 <=1.0.2) +1810 more potentially affected by CVE-2020-28498 via elliptic (>=6.0.2 <=6.5.3)
elliptic NPM version =6.0.2, =1.0.0, =0.1.0, =0.0.0-alpha8, =2.0.0, =2.0.0, =1.0.0, =1.5.1, =2.0.0, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =2.1.1 and more Source cves: CVE-2020-28498 Source advisory: SNYK:JS-ELLIPTIC-1064899...
3dcore-lib (=0.17.9), 42-cli (>=1.0.0 <=1.0.4) +2490 more potentially affected by CVE-2020-13822 via elliptic (>=0.10.2 <=6.5.2)
elliptic NPM version =0.10.2, =1.0.0, =1.0.0, =0.1.0, =0.0.0-alpha8, =2.0.0, =2.0.0, =1.0.0, =1.5.1, =2.0.0, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =0.0.0-alpha8, =2.1.1 and more Source cves: CVE-2020-13822 Source advisory: OSV:GHSA-VH7M-P724-62C2...