Homepage
About Snyk

elliptic@6.5.7 vulnerabilities

EC cryptography

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the elliptic package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Verification of Cryptographic Signature

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to an anomaly in the _truncateToN function. An attacker can cause legitimate transactions or communications to be incorrectly flagged as invalid by exploiting the signature verification process when the hash contains at least four leading 0 bytes and the order of the elliptic curve's base point is smaller than the hash.

How to fix Improper Verification of Cryptographic Signature?

Upgrade elliptic to version 6.6.0 or higher.

<6.6.0
Go back to all versions of this package