Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Low severity
GitHub Reviewed
Published
Aug 2, 2024
to the GitHub Advisory Database
•
Updated Aug 15, 2024
Description
Published by the National Vulnerability Database
Aug 2, 2024
Published to the GitHub Advisory Database
Aug 2, 2024
Reviewed
Aug 5, 2024
Last updated
Aug 15, 2024
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
References