npm package
elliptic
pkg:npm/elliptic
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14505 | Med | 5.6 | <= 6.6.1 | — | Jan 8, 2026 | The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret k | |
| CVE-2024-48948 | — | < 6.6.0 | 6.6.0 | Oct 15, 2024 | The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomal | ||
| CVE-2024-48949 | — | < 6.5.6 | 6.5.6 | Oct 10, 2024 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | ||
| CVE-2024-42461 | — | >= 5.2.1, < 6.5.7 | 6.5.7 | Aug 2, 2024 | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. | ||
| CVE-2024-42460 | — | >= 2.0.0, < 6.5.7 | 6.5.7 | Aug 2, 2024 | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. | ||
| CVE-2024-42459 | — | >= 4.0.0, < 6.5.7 | 6.5.7 | Aug 2, 2024 | In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. | ||
| CVE-2020-28498 | — | < 6.5.4 | 6.5.4 | Feb 2, 2021 | The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the pote | ||
| CVE-2020-13822 | — | < 6.5.3 | 6.5.3 | Jun 4, 2020 | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. |
- affected <= 6.6.1
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret k
- CVE-2024-48948Oct 15, 2024affected < 6.6.0fixed 6.6.0
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomal
- CVE-2024-48949Oct 10, 2024affected < 6.5.6fixed 6.5.6
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
- CVE-2024-42461Aug 2, 2024affected >= 5.2.1, < 6.5.7fixed 6.5.7
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
- CVE-2024-42460Aug 2, 2024affected >= 2.0.0, < 6.5.7fixed 6.5.7
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
- CVE-2024-42459Aug 2, 2024affected >= 4.0.0, < 6.5.7fixed 6.5.7
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
- CVE-2020-28498Feb 2, 2021affected < 6.5.4fixed 6.5.4
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the pote
- CVE-2020-13822Jun 4, 2020affected < 6.5.3fixed 6.5.3
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.