| CVE-2025-14505 |
unknown |
— |
— |
|
|
|
5mo ago |
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) … |
| CVE-2024-48948 |
unknown |
— |
— |
|
|
|
2y ago |
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the ellipt… |
| CVE-2024-48949 |
unknown |
— |
— |
|
|
|
2y ago |
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. |
| CVE-2024-42461 |
unknown |
— |
— |
|
|
|
2y ago |
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. |
| CVE-2024-42459 |
unknown |
— |
— |
|
|
|
2y ago |
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. |
| CVE-2024-42460 |
unknown |
— |
— |
|
|
|
2y ago |
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. |
| CVE-2020-28498 |
unknown |
— |
— |
|
|
|
5y ago |
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the… |
| CVE-2020-13822 |
unknown |
— |
— |
|
|
|
6y ago |
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact… |
