OpenCVE

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Indutny	Elliptic

Configuration 1 [-]

cpe:2.3:a:indutny:elliptic:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899

History

Wed, 16 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Indutny Indutny elliptic
CPEs	cpe:2.3:a:elliptic_project:elliptic::::::node.js::*	cpe:2.3:a:indutny:elliptic::::::node.js::*
Vendors & Products	Elliptic Project Elliptic Project elliptic	Indutny Indutny elliptic

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-02-02T18:50:18.725744Z

Updated: 2024-09-17T02:00:51.979Z

Reserved: 2020-11-12T00:00:00

Link: CVE-2020-28498

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-02T19:15:13.720

Modified: 2024-10-16T13:45:17.320

Link: CVE-2020-28498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "elliptic", "vendor": "n/a", "versions": [{"status": "affected", "version": "< 6.5.4"}]}], "credits": [{"lang": "en", "value": "Kyle Den Hartog"}], "datePublic": "2021-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Cryptographic Issues", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-03T15:55:12", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}], "title": "Cryptographic Issues", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-02-02T18:47:27.222372Z", "ID": "CVE-2020-28498", "STATE": "PUBLIC", "TITLE": "Cryptographic Issues"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "elliptic", "version": {"version_data": [{"version_value": "< 6.5.4"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Kyle Den Hartog"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cryptographic Issues"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899", "refsource": "CONFIRM", "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836", "refsource": "CONFIRM", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"name": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md", "refsource": "CONFIRM", "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"name": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f", "refsource": "CONFIRM", "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:40:59.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-28498", "datePublished": "2021-02-02T18:50:18.725744Z", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-09-17T02:00:51.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:indutny:elliptic:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FFA0B018-C763-403E-96CE-C7C7C2DE0203", "versionEndExcluding": "6.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}, {"lang": "es", "value": "El paquete elliptic anterior a la versi\u00f3n 6.5.4 es vulnerable a problemas criptogr\u00e1ficos a trav\u00e9s de la implementaci\u00f3n secp256k1 en elliptic/ec/key.js. No hay ninguna comprobaci\u00f3n para confirmar que el punto de la clave p\u00fablica que se pasa a la funci\u00f3n derive existe realmente en la curva secp256k1. Esto resulta en la posibilidad de que la clave privada utilizada en esta implementaci\u00f3n sea revelada despu\u00e9s de realizar una serie de operaciones ECDH"}], "id": "CVE-2020-28498", "lastModified": "2024-10-16T13:45:17.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "report@snyk.io", "type": "Primary"}]}, "published": "2021-02-02T19:15:13.720", "references": [{"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}