CVE-2020-13822
Summary
| CVE | CVE-2020-13822 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-06-04 15:15:00 UTC |
|---|
| Updated | 2023-11-07 03:16:00 UTC |
|---|
| Description | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| elliptic |
MISC |
www.npmjs.com |
Third Party Advisory |
| Malleability-Attack: Why It Matters – Herman Schoenfeld – Medium |
MISC |
medium.com |
Third Party Advisory |
| How Not to Use ECDSA – Learning Words |
MISC |
yondon.blog |
Third Party Advisory |
| Lack of encoding checks allows a certain degree of signature malleability in ECDSA signatures · Issue #226 · indutny/elliptic · GitHub |
MISC |
github.com |
Exploit, Third Party Advisory |
| Malleability-Attack: Why It Matters | by Herman Schoenfeld | Medium |
|
medium.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 980730 Nodejs (npm) Security Update for elliptic (GHSA-vh7m-p724-62c2)
