Vulnerabilities > Indutny

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-48949 Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.
network
low complexity
indutny CWE-347
critical
9.1
2020-06-04 CVE-2020-13822 Integer Overflow or Wraparound vulnerability in Indutny Elliptic 6.5.2
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows.
network
high complexity
indutny CWE-190
7.7