VDB

DEBIAN-CVE-2024-48949

DEBIAN-CVE-2024-48949 PUBLISHED CVSS 9.100000381469727 CRITICAL

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Debian:14node-elliptic0, 0
Debian:12node-elliptic*, 6.5.4~dfsg-2, 6.5.7+dfsg-1
Debian:11node-elliptic6.5.4, 6.6.1+dfsg, 6.6.1+dfsg
Debian:13node-elliptic0, 0

Timeline

  • Oct 10, 2024 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›