The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
History
Tue, 05 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Nodejs; Nodejs elliptic | |
Weaknesses | CWE-347 | |
CPEs | cpe:2.3:a:nodejs:elliptic:*:*:*:*:*:*:*:* | |
Vendors & Products | Nodejs; Nodejs elliptic | |
Metrics | cvssV3_1 | ssvc |
Wed, 16 Oct 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | elliptic: ECDSA signature verification error may reject legitimate transactions | |
Weaknesses | CWE-222 | |
References | | |
Metrics | threat_severity | cvssV3_1 |
Tue, 15 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-15T00:00:00
Updated: 2024-11-05T18:36:35.085Z
Reserved: 2024-10-10T00:00:00
Link: CVE-2024-48948
Vulnrichment
Updated: 2024-11-05T18:36:28.677Z
NVD
Status: Awaiting Analysis
Published: 2024-10-15T14:15:05.280
Modified: 2024-11-05T19:36:14.127
Link: CVE-2024-48948
Redhat