5 matches found
DEBIAN-CVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-14505 Elliptic Cryptanalysis vulnerability when `k` has leading zeros
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...
CVE-2025-14505
The CVE-2025-14505 entry concerns Elliptic’s ECDSA implementation. A fault in the ECDSA signing path occurs when the interim value of k (per RFC 6979 step 3.2) has leading zeros, causing the byte-length of k to be computed incorrectly and truncated. This can allow cryptanalytic leakage of the sec...
PT-2026-1743
Name of the Vulnerable Software and Affected Versions Elliptic versions prior to 6.6.2 Description The ECDSA implementation within the Elliptic package produces incorrect signatures when an interim value of k calculated according to step 3.2 of RFC 6979 contains leading zeros, making it susceptib...