Indutny Elliptic
6 CVEs affecting Indutny Elliptic. Latest disclosed: 2024-10-15. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-48949 | Critical | 9.1 | 2024-10-10 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" v… |
CVE-2020-13822 | High | 7.7 | 2020-06-04 | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could con… |
CVE-2020-28498 | Medium | 6.8 | 2021-02-02 | The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm t… |
CVE-2024-42460 | Medium | 5.3 | 2024-08-02 | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. |
CVE-2024-42459 | Medium | 5.3 | 2024-08-02 | In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes ca… |
CVE-2024-48948 | Medium | 4.8 | 2024-10-15 | The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading… |