Описание
Signature Malleabillity in elliptic
The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-13822
- https://github.com/indutny/elliptic/issues/226
- https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec
- https://medium.com/%40herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4
- https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4
- https://www.npmjs.com/package/elliptic
- https://yondon.blog/2019/01/01/how-not-to-use-ecdsa
Пакеты
elliptic
< 6.5.3
6.5.3
Связанные уязвимости
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...