View all vulnerabilities

CVE-2024-42459

Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.3
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Versions
elliptic >= 4.0.0 < 6.5.7
Severity
Medium
Ecosystem
JavaScript
Publish Date
August 2, 2024
Modified Date
August 15, 2024