CVEs-PoC/2020/CVE-2020-13822.md

### [CVE-2020-13822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13822)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

### POC

#### Reference
- https://github.com/indutny/elliptic/issues/226
- https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4

#### Github
No PoCs found on GitHub currently.