Signature Malleabillity in elliptic
High severity
GitHub Reviewed
Published
Jul 29, 2020
to the GitHub Advisory Database
•
Updated Nov 29, 2023
Description
Reviewed
Jul 29, 2020
Published to the GitHub Advisory Database
Jul 29, 2020
Last updated
Nov 29, 2023
The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
References