nodejs | Unknown | NODEJS:1547
Jul 29, 2020 - 8:44 p.m.

Signature Malleability

2020-07-29 20:44:24
Unknown
www.npmjs.com
20
node.js
ecdsa
signature malleability
integer overflows
security
upgrade

EPSS: 0.004 (percentile: 72.0%)

Overview

The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘\0’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
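
An application that depends on one canonical signature can enforce that itself before verification. The following is an added example, not code from the Elliptic package: a strict DER parser that rejects non-minimal length encodings, padding '\0' bytes, and integers outside [1, n-1]. The function names are hypothetical and the secp256k1 order is used only as a sample curve.

```javascript
'use strict';
// Added example (not elliptic's code): strict DER check for an ECDSA signature.
// Order of secp256k1, used here only as a sample curve (assumption).
const N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Read a DER length at buf[pos]; accept only the minimal form.
function readLength(buf, pos) {
  if (pos >= buf.length) throw new Error('truncated length');
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 };
  if (first !== 0x81) throw new Error('unsupported length form');
  if (pos + 1 >= buf.length) throw new Error('truncated length');
  const len = buf[pos + 1];
  if (len < 0x80) throw new Error('non-minimal length encoding');
  return { len, next: pos + 2 };
}

// Read one INTEGER; reject negative values and padding '\0' bytes.
function readInteger(buf, pos, end) {
  if (pos >= end || buf[pos] !== 0x02) throw new Error('expected INTEGER');
  const { len, next } = readLength(buf, pos + 1);
  if (len === 0 || next + len > end) throw new Error('bad INTEGER length');
  if (buf[next] & 0x80) throw new Error('negative INTEGER');
  if (len > 1 && buf[next] === 0x00 && !(buf[next + 1] & 0x80))
    throw new Error('unnecessary leading zero byte');
  const hex = Buffer.from(buf.subarray(next, next + len)).toString('hex');
  return { value: BigInt('0x' + hex), next: next + len };
}

// Return { r, s } only if `sig` is the single canonical DER encoding
// and both values lie in [1, n-1]; otherwise throw.
function parseStrictDerSignature(sig, n = N) {
  if (sig.length < 2 || sig[0] !== 0x30) throw new Error('expected SEQUENCE');
  const seq = readLength(sig, 1);
  const end = seq.next + seq.len;
  if (end !== sig.length) throw new Error('length mismatch or trailing bytes');
  const r = readInteger(sig, seq.next, end);
  const s = readInteger(sig, r.next, end);
  if (s.next !== end) throw new Error('trailing bytes inside SEQUENCE');
  for (const v of [r.value, s.value])
    if (v < 1n || v >= n) throw new Error('value out of range [1, n-1]');
  return { r: r.value, s: s.value };
}

function isCanonical(sig, n = N) {
  try { parseStrictDerSignature(sig, n); return true; } catch { return false; }
}
```

Call `isCanonical` on the raw signature bytes and reject on `false` before handing the signature to the verifier or using it as a lookup key.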

Recommendation

Upgrade to version 6.5.3 or later.
