High severityNVD Advisory· Published Jun 4, 2020· Updated Aug 4, 2024
CVE-2020-13822
CVE-2020-13822
Description
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ellipticnpm | < 6.5.3 | 6.5.3 |
Affected products
2- Node.js/Elliptic package for Node.jsdescription
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-vh7m-p724-62c2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13822ghsaADVISORY
- github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721becghsaWEB
- github.com/indutny/elliptic/issues/226ghsax_refsource_MISCWEB
- medium.com/%40herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4ghsax_refsource_MISCWEB
- medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4ghsaWEB
- www.npmjs.com/package/ellipticghsax_refsource_MISCWEB
- yondon.blog/2019/01/01/how-not-to-use-ecdsaghsaWEB
- yondon.blog/2019/01/01/how-not-to-use-ecdsa/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.