Indutny: >> Elliptic >> 6.5.6 Security Vulnerabilities
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-08-02
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-08-02