elliptic@6.4.1 vulnerabilities
EC cryptography
- latest version: 6.5.7
- latest non vulnerable version:
- first published: 10 years ago
- latest version published: a month ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the elliptic package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing signature length check in the How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature because BER-encoded signatures are allowed. An attacker can manipulate the ECDSA signatures by exploiting the signature malleability. How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing check for whether the leading bit of How to fix Improper Verification of Cryptographic Signature? Upgrade | <6.5.7 |
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Cryptographic Issues via the How to fix Cryptographic Issues? Upgrade | <6.5.4 |
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Cryptographic Issues. Elliptic allows ECDSA signature malleability via variations in encoding, leading PoC How to fix Cryptographic Issues? Upgrade | <6.5.3 |
elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. The bit-length of a scalar can leak during scalar multiplication on an elliptic curve, which might allow practical recovery of the long-term private key. How to fix Timing Attack? Upgrade | <6.5.2 |