mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 15:15:46 +02:00
0xMarcio
809 B
809 B
CVE-2020-13822
Description
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
POC
Reference
- https://github.com/indutny/elliptic/issues/226
- https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4
Github
No PoCs found on GitHub currently.