VDB
DEBIAN-CVE-2024-42460
DEBIAN-CVE-2024-42460
PUBLISHED
CVSS 5.300000190734863 MEDIUM
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | node-elliptic | 0, 0 |
| Debian:11 | node-elliptic | 6.6.1+dfsg, 0, 6.5.4~dfsg-1 |
| Debian | node-elliptic | |
| Debian:13 | node-elliptic | 0, 0 |
| Debian:12 | node-elliptic | 6.5.4~dfsg-2, 6.5.7+dfsg-1, 6.6.1+dfsg+~6.4.18-1 |
Timeline
- Aug 2, 2024 CVE Published
- Apr 28, 2026 CVE Updated