Elliptic Security Vulnerabilities and Issues — Elliptic CVE List

Lucene search

IndutnyElliptic

4 matches found

CVE•added 2024/10/10 1:15 a.m.•99 views

CVE-2024-48949

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

9.1CVSS7AI score0.00102EPSS

CVE•added 2024/10/15 2:15 p.m.•90 views

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to va...

4.8CVSS7.1AI score0.00057EPSS

CVE•added 2024/08/02 7:16 a.m.•53 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.

5.3CVSS7.2AI score0.00083EPSS

CVE•added 2024/08/02 7:16 a.m.•51 views

CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.

5.3CVSS7.2AI score0.00152EPSS