Low severityNVD Advisory· Published Oct 10, 2024· Updated Nov 25, 2025
CVE-2024-48949
CVE-2024-48949
Description
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ellipticnpm | < 6.5.6 | 6.5.6 |
Affected products
78- Node.js/Ellipticdescription
- ghsa-coords77 versionspkg:npm/ellipticpkg:rpm/opensuse/aws-cli&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-boto3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-botocore&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-coverage&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-flaky&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pluggy&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest-cov&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-pytest-html&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-pytest-mock&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/velociraptor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-coverage&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pluggy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest-cov&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/python-pytest-mock&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 6.5.6+ 76 more
- (no CPE)range: < 6.5.6
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 8.5-150600.3.6.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 3.8.1-150400.14.6.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 4.1.1-2.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 0.7.0.4.git142.862ef23-1.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 1.33.26-150400.34.7.1
- (no CPE)range: < 8.5-150600.3.6.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.138-150400.27.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 1.34.144-150400.41.7.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 7.6.10-150400.12.6.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 1.5.0-150400.14.10.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 6.2.1-150400.12.6.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 8.3.5-150400.3.9.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
- (no CPE)range: < 3.14.0-150400.13.6.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-434g-2637-qmqrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48949ghsaADVISORY
- blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproofghsaWEB
- github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281ghsaWEB
- github.com/indutny/elliptic/compare/v6.5.5...v6.5.6ghsaWEB
- security.netapp.com/advisory/ntap-20241227-0003ghsaWEB
- blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/mitre
News mentions
0No linked articles in our index yet.