CVE-2024-42461

Опубликовано: 02 авг. 2024

Источник: debian

EPSS Низкий

Описание

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

Пакет	Статус	Версия исправления	Релиз	Тип
node-elliptic	fixed	6.5.7+dfsg-1		package
node-elliptic	no-dsa		bookworm	package
node-elliptic	no-dsa		bullseye	package

https://github.com/indutny/elliptic/pull/317
https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11 (v6.5.7)

EPSS

Процентиль: 86%

0.02898

Низкий

CVE-2024-42461

CVSS3: 9.1

ubuntu

больше 1 года назад

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

CVE-2024-42461

CVSS3: 5.3

redhat

больше 1 года назад

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

CVE-2024-42461

CVSS3: 9.1

nvd

больше 1 года назад

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

CVE-2024-42461

CVSS3: 9.1

msrc

больше 1 года назад

Описание отсутствует

GHSA-49q7-c7j4-3p7m

CVSS3: 5.3

github

больше 1 года назад

Elliptic allows BER-encoded signatures

EPSS

Процентиль: 86%

0.02898

Низкий