UBUNTU-CVE-2024-48948

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-48948
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-48948.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-48948
Related
Published
2024-10-15T14:15:00Z
Modified
2025-01-13T10:26:23Z
Summary
[none]
Details

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.

References

Affected packages

Ubuntu:Pro:18.04:LTS / node-elliptic

Package

Name
node-elliptic
Purl
pkg:deb/ubuntu/node-elliptic@6.4.0+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.0+dfsg-1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / node-elliptic

Package

Name
node-elliptic
Purl
pkg:deb/ubuntu/node-elliptic@6.5.1~dfsg-2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.1~dfsg-1
6.5.1~dfsg-2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-elliptic

Package

Name
node-elliptic
Purl
pkg:deb/ubuntu/node-elliptic@6.5.4~dfsg-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.4~dfsg-1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / node-elliptic

Package

Name
node-elliptic
Purl
pkg:deb/ubuntu/node-elliptic@6.5.4~dfsg-2?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.4~dfsg-2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / node-elliptic

Package

Name
node-elliptic
Purl
pkg:deb/ubuntu/node-elliptic@6.5.4~dfsg-2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.4~dfsg-2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}