The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Indutny
Indutny elliptic |
|
CPEs | cpe:2.3:a:indutny:elliptic:6.5.2:*:*:*:*:node.js:*:* | |
Vendors & Products |
Elliptic Project
Elliptic Project elliptic |
Indutny
Indutny elliptic |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-04T14:01:53
Updated: 2024-08-04T12:25:16.506Z
Reserved: 2020-06-04T00:00:00
Link: CVE-2020-13822
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-04T15:15:13.510
Modified: 2024-11-21T05:01:56.443
Link: CVE-2020-13822
Redhat