Lucene search
GoogleOSV:GHSA-VH7M-P724-62C2HistoryJul 29, 2020 - 8:40 p.m.
Signature Malleabillity in elliptic
2020-07-2920:40:35
Google
osv.dev
17
elliptic
ecdsa
signature malleability
security impact
node.js
EPSS
0.004
Percentile
72.0%
The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘\0’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
References
github.com/indutny/elliptic
github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec
github.com/indutny/elliptic/issues/226
medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4
nvd.nist.gov/vuln/detail/CVE-2020-13822
www.npmjs.com/package/elliptic
yondon.blog/2019/01/01/how-not-to-use-ecdsa
Related
veracode
veracode
ECDSA Signature Malleability
2020-06-05 01:04:02
cve
cve
CVE-2020-13822
2020-06-04 15:15:13
prion
prion
Integer overflow
2020-06-04 15:15:00
redhatcve
redhatcve
CVE-2020-13822
2020-06-18 16:55:57
github
github
Signature Malleabillity in elliptic
2020-07-29 20:40:35
cvelist
cvelist
CVE-2020-13822
2020-06-04 14:01:53
debiancve
debiancve
CVE-2020-13822
2020-06-04 15:15:13
nvd
nvd
CVE-2020-13822
2020-06-04 15:15:13
osv
osv
CVE-2020-13822
2020-06-04 15:15:13
ubuntucve
ubuntucve
CVE-2020-13822
2020-06-04 00:00:00
nodejs
nodejs
Signature Malleability
2020-07-29 20:44:24
redhat
redhat
ibm
ibm
nessus
nessus
Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)
2024-05-02 00:00:00