Known vulnerabilities in the elliptic package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to an anomaly in the How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.6.0 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper range validation of the Note: This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature. How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.6 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing signature length check in the How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the allowance of BER-encoded signatures. An attacker can manipulate the ECDSA signatures by exploiting the signature malleability. How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing check for whether the leading bit of How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Cryptographic Issues via the How to fix Cryptographic Issues? Upgrade | <6.5.4 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Cryptographic Issues. Elliptic allows ECDSA signature malleability via variations in encoding, leading How to fix Cryptographic Issues? Upgrade | <6.5.3 |
elliptic is a fast elliptic-curve cryptography implementation in plain javascript. Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. Leakage of bit-length of a scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key. How to fix Timing Attack? Upgrade | <6.5.2 |