In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
History

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.8::el8
cpe:/a:redhat:multicluster_engine:2.3::el8

Tue, 29 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.9::el8
cpe:/a:redhat:multicluster_engine:2.4::el8

Fri, 11 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.11::el9

Fri, 11 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:multicluster_engine:2.6::el8
cpe:/a:redhat:multicluster_engine:2.6::el9

Thu, 19 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat acm
CPEs cpe:/a:redhat:acm:2.10::el9
Vendors & Products Redhat acm

Wed, 18 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat multicluster Engine
CPEs cpe:/a:redhat:multicluster_engine:2.5::el8
Vendors & Products Redhat multicluster Engine

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.4::el8
cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products Redhat
Redhat service Mesh

Fri, 09 Aug 2024 02:15:00 +0000

Type Values Removed Values Added
Title elliptic: From NVD collector elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check
Weaknesses CWE-325

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-02T00:00:00

Updated: 2024-08-02T15:05:48.384Z

Reserved: 2024-08-02T00:00:00

Link: CVE-2024-42459

cve-icon Vulnrichment

Updated: 2024-08-02T15:04:36.324Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-02T07:16:10.003

Modified: 2024-08-02T15:35:44.213

Link: CVE-2024-42459

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-02T00:00:00Z

Links: CVE-2024-42459 - Bugzilla