SUSE CVE-2024-48949

🗓️ 12 Oct 2024 02:48:08Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 2 Views

SUSE vulnerability 2024-48949: Elliptic verify function omits S() bounds validation in eddsa index.js before 6.5.6.

Reporter	Title	Published	Views	Family All 104
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to improper verification of cryptographic signature due to elliptic ( CVE-2024-48949 )	16 Jun 202509:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities	29 Aug 202517:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic	26 Feb 202518:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	9 Dec 202409:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)	3 Jun 202510:33	–	ibm
IBM Security Bulletins	Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or system health monitoring are now fixed in 5.2.3.7 or higher and 6.0.0.2 or higher	2 Apr 202622:00	–	ibm
AstraLinux	Astra Linux – Vulnerability in Node-Elliptic	3 May 202623:59	–	astralinux
CBLMariner	CVE-2024-48949 affecting package reaper for versions less than 3.1.1-13	15 Oct 202423:32	–	cbl_mariner

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Leap	15.6	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.4	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.4	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.6	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.7	any	aws-cli	1.33.26-150400.34.7.1	aws-cli-1.33.26-150400.34.7.1.noarch.rpm
OpenSUSE Leap	15.6	any	pgadmin4	8.5-150600.3.6.1	pgadmin4-8.5-150600.3.6.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2024-48949
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1231557
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-October/019689.html
lists	www.lists.suse.com/pipermail/sle-updates/2025-October/042269.html
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/M7BG5WQRKJLY2OVHOL5KXFLQGUMAI2OC/
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/

20 Jun 2026 02:54Current

9.5High risk

Vulners AI Score9.5

CVSS 3.18.2

EPSS0.00503

elliptic vulnerability eddsa verify flaw nodejs package bounds check