Low severityNVD Advisory· Published Oct 15, 2024· Updated Nov 25, 2025
CVE-2024-48948
CVE-2024-48948
Description
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ellipticnpm | < 6.6.0 | 6.6.0 |
Affected products
78- Node.js/Ellipticdescription
- ghsa-coords77 versionspkg:npm/ellipticpkg:rpm/opensuse/aws-cli&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-boto3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-botocore&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-coverage&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-flaky&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pluggy&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest-cov&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest-html&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-pytest-mock&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/velociraptor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 6.6.0+ 76 more
- (no CPE)range: < 6.6.0
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 8.5-150600.3.6.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 3.8.1-150400.14.6.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 4.1.1-3.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 0.7.0.4.git142.862ef23-1.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 8.5-150600.3.6.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-fc9h-whq2-v747ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48948ghsaADVISORY
- blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproofghsaWEB
- github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cfghsaWEB
- github.com/indutny/elliptic/issues/321ghsaWEB
- github.com/indutny/elliptic/pull/322ghsaWEB
- security.netapp.com/advisory/ntap-20241220-0004ghsaWEB
- blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/mitre
News mentions
0No linked articles in our index yet.