Lucene search

K

MitreCVELIST:CVE-2020-13822

HistoryJun 04, 2020 - 2:01 p.m.

CVE-2020-13822

2020-06-0414:01:53

mitre

www.cve.org

5

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.0%

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘\0’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

References

github.com/indutny/elliptic/issues/226

medium.com/%40herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4

www.npmjs.com/package/elliptic

yondon.blog/2019/01/01/how-not-to-use-ecdsa/

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.0%

Related for CVELIST:CVE-2020-13822

veracode1 cve1 prion1 redhatcve1 github1 debiancve1 nvd1 osv2 ubuntucve1 nodejs1 redhat2 ibm4 nessus1