7925 matches found
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
CVE-2024-42460
CVE-2024-42460 : In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability is caused by a missing check for whether the leading bit of r and s is zero. The IBM bulletin aggregates multiple Elliptic-related CVEs and confirms fixes are shipped for IBM Storage Scale products (not detai...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42461
CVE-2024-42461 : In the Node.js Elliptic package v6.5.6, an ECDSA signature malleability vulnerability exists because BER-encoded signatures are allowed. The connected IBM page lists the issue and confirms a CVSS v3.1 base score of 5.3 (confidentiality: Low, integrity: None, availability: None). ...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
CVE-2024-42459
CVE-2024-42459 concerns the Elliptic package (Node.js) version 6.5.6. The issue is EDDSA signature malleability caused by a missing signature length check, enabling zero-valued bytes to be removed or appended. The CVE notes a base score of 5.3 (Medium) with network attack vector but no customer-p...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...