{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-42460", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:06:20.404Z", "dateReserved": "2024-08-02T00:00:00", "datePublished": "2024-08-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:40.177526"}, "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-130", "lang": "en", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency"}]}], "affected": [{"vendor": "elliptic_project", "product": "elliptic", "cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.5.6", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T15:06:17.742511Z", "id": "CVE-2024-42460", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:06:20.404Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-42460", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T15:06:17.742511Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "vendor": "elliptic_project", "product": "elliptic", "versions": [{"status": "affected", "version": "6.5.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:01:06.364Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:40.177526"}}}, "cveMetadata": {"cveId": "CVE-2024-42460", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:06:20.404Z", "dateReserved": "2024-08-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero."}, {"lang": "es", "value": " En el paquete Elliptic 6.5.6 para Node.js, la maleabilidad de la firma ECDSA se produce porque falta una verificaci\u00f3n de si el bit inicial de r y s es cero."}], "id": "CVE-2024-42460", "lastModified": "2024-08-02T16:35:53.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-02T07:16:10.120", "references": [{"source": "cve@mitre.org", "url": "https://github.com/indutny/elliptic/pull/317"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-130"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/agent-service-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-image-service-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-agent-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-reporter-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hive-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/addon-manager-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/apiserver-network-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/aws-encryption-provider-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/backplane-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-aws-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-azure-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterclaims-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-curator-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-image-set-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-addon-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/discovery-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-cli-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-rhel9-operator:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/image-based-install-rhel9:v2.5.7-7", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/klusterlet-operator-bundle:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/managedcluster-import-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/mce-operator-bundle:v2.5.7-6", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicloud-manager-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-console-mce-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-managed-serviceaccount-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/must-gather-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/placement-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/provider-credential-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-operator-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/work-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-grafana-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-operator-bundle:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/console-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/iam-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-client-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/metrics-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/node-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/search-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/submariner-addon-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/grafana-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/kiali-rhel8:1.65.15-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/pilot-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.13-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.14-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.4-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}], "bugzilla": {"description": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks", "id": "2302459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-325", "details": ["In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.", "A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42460", "package_state": [{"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Not affected", "package_name": "openshift-builds/openshift-builds-waiters-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed:1", "fix_state": "Not affected", "package_name": "openshift-lightspeed-beta/lightspeed-rhel9-operator", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rhel9/bootc-image-builder", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_cluster_manager_cli:1", "fix_state": "Affected", "package_name": "ocm-cli-clients/ocm-cli-rhel9", "product_name": "Red Hat OpenShift Cluster Manager CLI"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Not affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "elliptic", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Affected", "package_name": "/rh-syft", "product_name": "Red Hat Trusted Application Pipeline"}], "public_date": "2024-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42460\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42460\nhttps://github.com/indutny/elliptic/pull/317"], "threat_severity": "Moderate"}