9 matches found
EUVD-2024-2944
Malicious code in bioql PyPI...
CVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
GHSA-584Q-6J8J-R5PM secp256k1-node allows private key extraction over ECDH
Summary In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.jsL37-L39 loadCompressedPublicKey is, however, missing that check:...
secp256k1-node allows private key extraction over ECDH
Summary In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.jsL37-L39 loadCompressedPublicKey is, however, missing that check:...
CVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
secp256k1-node 安全漏洞
secp256k1-node is an open source library from cryptocoinjs. A security vulnerability exists in secp256k1-node, which stems from a lack of checking in loadCompressedPublicKey, allowing an attacker to recover the private key. The affected versions are as follows: version 5.0.0, version 4.0.3, versi...
PT-2024-33278 · Unknown · Secp256K1-Node
Name of the Vulnerable Software and Affected Versions: secp256k1-node versions prior to 5.0.1 secp256k1-node versions prior to 4.0.4 secp256k1-node versions prior to 3.8.1 Description: The issue affects the elliptic-based version of secp256k1-node, where the loadCompressedPublicKey function is...