4 matches found
CVE-2024-42459
A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues. Mitigation Mitigation fo...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
CVE-2024-42459 concerns the Elliptic package (Node.js) version 6.5.6. The issue is EDDSA signature malleability caused by a missing signature length check, enabling zero-valued bytes to be removed or appended. The CVE notes a base score of 5.3 (Medium) with network attack vector but no customer-p...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...