In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
History

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.8::el8
cpe:/a:redhat:multicluster_engine:2.3::el8

Tue, 29 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.9::el8
cpe:/a:redhat:multicluster_engine:2.4::el8

Fri, 11 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.11::el9

Fri, 11 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:multicluster_engine:2.6::el8
cpe:/a:redhat:multicluster_engine:2.6::el9

Thu, 19 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat acm
CPEs cpe:/a:redhat:acm:2.10::el9
Vendors & Products Redhat acm

Wed, 18 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat multicluster Engine
CPEs cpe:/a:redhat:multicluster_engine:2.5::el8
Vendors & Products Redhat multicluster Engine

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.4::el8
cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products Redhat
Redhat service Mesh

Wed, 07 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Elliptic Project
Elliptic Project elliptic
Weaknesses CWE-347
CPEs cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*
Vendors & Products Elliptic Project
Elliptic Project elliptic
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 Aug 2024 01:15:00 +0000

Type Values Removed Values Added
Title elliptic: nodejs/elliptic: From NVD collector elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed
Weaknesses CWE-325

Tue, 06 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
Title elliptic: From NVD collector elliptic: nodejs/elliptic: From NVD collector
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-02T00:00:00

Updated: 2024-08-07T18:33:09.133Z

Reserved: 2024-08-02T00:00:00

Link: CVE-2024-42461

cve-icon Vulnrichment

Updated: 2024-08-07T18:29:37.103Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-02T07:16:10.230

Modified: 2024-08-16T16:51:40.270

Link: CVE-2024-42461

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-02T00:00:00Z

Links: CVE-2024-42461 - Bugzilla