CVE-2024-42461

Published: 02 Aug 2024
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.
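The encoding problem described above, shown from the verifier's side: an added example, not code from the Elliptic package or its fix. It accepts only the single canonical DER encoding of an ECDSA signature and rejects BER variants such as zero-padded integers. The function names and the sample byte strings are constructed for illustration.

```javascript
'use strict';
// Added example (not elliptic's code): strict DER check for an ECDSA signature,
// i.e. SEQUENCE { INTEGER r, INTEGER s } with minimal lengths and minimal integers.

// Read a DER length at buf[pos]; null if truncated, indefinite or non-minimal.
function readDerLength(buf, pos) {
  if (pos >= buf.length) return null;
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 }; // short form
  const n = first & 0x7f;
  if (n === 0 || n > 2 || pos + 1 + n > buf.length) return null; // 0x80 = indefinite (BER only)
  let len = 0;
  for (let i = 0; i < n; i++) len = (len << 8) | buf[pos + 1 + i];
  if (buf[pos + 1] === 0 || len < 0x80) return null; // long form used where a shorter one fits
  return { len, next: pos + 1 + n };
}

// Read a non-negative DER INTEGER at buf[pos]; null if padded or negative.
function readDerUnsignedInteger(buf, pos) {
  if (buf[pos] !== 0x02) return null;
  const l = readDerLength(buf, pos + 1);
  if (l === null || l.len === 0 || l.next + l.len > buf.length) return null;
  const v = buf.subarray(l.next, l.next + l.len);
  if (v[0] & 0x80) return null; // high bit set: negative in two's complement
  if (v.length > 1 && v[0] === 0x00 && !(v[1] & 0x80)) return null; // needless leading zero
  return { next: l.next + l.len };
}

// True only for the single canonical DER encoding of (r, s). Encoding check only:
// range checks on r and s still belong to signature verification.
function isStrictDerEcdsaSignature(sig) {
  if (sig[0] !== 0x30) return false;
  const seq = readDerLength(sig, 1);
  if (seq === null || seq.next + seq.len !== sig.length) return false; // no trailing bytes
  const r = readDerUnsignedInteger(sig, seq.next);
  if (r === null) return false;
  const s = readDerUnsignedInteger(sig, r.next);
  return s !== null && s.next === sig.length;
}

// Constructed sample encodings of r = 1, s = 2 (toy values, not real signatures).
const SAMPLES = {
  strictDer: Buffer.from('3006020101020102', 'hex'),
  zeroPaddedInts: Buffer.from('30080202000102020002', 'hex'),
  nonMinimalLength: Buffer.from('308106020101020102', 'hex'),
};
for (const [name, sig] of Object.entries(SAMPLES)) {
  console.log(name, isStrictDerEcdsaSignature(sig));
}
```

Running such a check before verification matters most where signature bytes are used as an identifier or deduplication key, since several encodings of one (r, s) pair would otherwise all verify.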

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-rhel9-operator | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-webhook-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-webhook-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-325
https://bugzilla.redhat.com/show_bug.cgi?id=2302460 elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-encoded signatures being allowed

EPSS: 0.02898 (percentile: 86%), Low

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 9.1
ubuntu
more than 1 year ago

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

CVSS3: 9.1
nvd
more than 1 year ago

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

CVSS3: 9.1
msrc
more than 1 year ago

No description available

CVSS3: 9.1
debian
more than 1 year ago

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleabilit ...

CVSS3: 5.3
github
more than 1 year ago

Elliptic allows BER-encoded signatures