Vulnerability CVE-2024-48949
Published: 2024-10-10

Description:
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

 References:
https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281
https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6
Copyright 2024, cxsecurity.com

 

Back to Top