CVE-2024-42459

Published August 2nd, 2024

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.

indutny/elliptic

Fast Elliptic Curve Cryptography in plain javascript

GitHub

1.76K