ECDSA Signature Malleability Vulnerability in Elliptic Package 6.5.6 for Node.js
CVE-2024-42460

Currently unrated

Key Information:

Vendor: Elliptic
Vendor: CVE Published:; 2 August 2024

Summary

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.

References

https://github.com/indutny/elliptic/pull/317

Timeline

Vulnerability published
Aug 2, 2024