In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
References
Link | Resource |
---|---|
https://github.com/indutny/elliptic/pull/317 | Exploit Issue Tracking |
Configurations
History
20 Jun 2025, 16:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:indutny:elliptic:6.5.6:*:*:*:*:node.js:*:* | |
References | () https://github.com/indutny/elliptic/pull/317 - Exploit, Issue Tracking | |
First Time |
Indutny
Indutny elliptic |
02 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-347 |
02 Aug 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Aug 2024, 07:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-02 07:16
Updated : 2025-06-20 16:28
NVD link : CVE-2024-42459
Mitre link : CVE-2024-42459
CVE.ORG link : CVE-2024-42459
JSON object : View
Products Affected
indutny
- elliptic
CWE
CWE-347
Improper Verification of Cryptographic Signature