CVE-2024-48948

EUVD-2024-3034
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 4.8 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score (percentile): 36%
Affected Products (NVD)
Vendor | Product | Version
indutny | elliptic | 6.5.7
𝑥 = Vulnerable software versions
Debian Releases
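Debian Product | Codename | Version | Status
node-elliptic | bookworm | | no-dsa
node-elliptic | bullseye | | postponed
node-elliptic | forky | 6.6.1+dfsg-1 | fixed
node-elliptic | sid | 6.6.1+dfsg-1 | fixed
node-elliptic | trixie | 6.6.1+dfsg-1 | fixed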
openSUSE / SLES Releases
openSUSE Product | Release | Version | Status
aws-cli | suse enterprise sap 15 SP4 | 1.33.26-150400.34.7.1 | fixed
aws-cli | suse enterprise sap 15 SP5 | 1.33.26-150400.34.7.1 | fixed
aws-cli | suse enterprise sap 15 SP6 | 1.33.26-150400.34.7.1 | fixed
aws-cli | suse enterprise server 15 SP4 | 1.33.26-150400.34.7.1 | fixed
aws-cli | suse enterprise server 15 SP5 | 1.33.26-150400.34.7.1 | fixed
aws-cli | suse enterprise server 15 SP6 | 1.33.26-150400.34.7.1 | fixed
pgadmin4 | suse enterprise desktop 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4 | suse enterprise desktop 15 SP7 | 8.5-150600.3.6.1 | fixed
pgadmin4 | suse enterprise sap 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4 | suse enterprise sap 15 SP7 | 8.5-150600.3.6.1 | fixed
pgadmin4 | suse enterprise server 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4 | suse enterprise server 15 SP7 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise desktop 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise desktop 15 SP7 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise sap 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise sap 15 SP7 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise server 15 SP6 | 8.5-150600.3.6.1 | fixed
pgadmin4-doc | suse enterprise server 15 SP7 | 8.5-150600.3.6.1 | fixed
python311-boto3 | suse enterprise desktop 15 SP7 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise sap 15 SP4 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise sap 15 SP5 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise sap 15 SP6 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise sap 15 SP7 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise server 15 SP4 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise server 15 SP5 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise server 15 SP6 | 1.34.138-150400.27.7.1 | fixed
python311-boto3 | suse enterprise server 15 SP7 | 1.34.138-150400.27.7.1 | fixed
python311-botocore | suse enterprise desktop 15 SP7 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise sap 15 SP4 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise sap 15 SP5 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise sap 15 SP6 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise sap 15 SP7 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise server 15 SP4 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise server 15 SP5 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise server 15 SP6 | 1.34.144-150400.41.7.1 | fixed
python311-botocore | suse enterprise server 15 SP7 | 1.34.144-150400.41.7.1 | fixed
python311-coverage | suse enterprise desktop 15 SP6 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise desktop 15 SP7 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise sap 15 SP6 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise sap 15 SP7 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise server 15 SP4 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise server 15 SP5 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise server 15 SP6 | 7.6.10-150400.12.6.1 | fixed
python311-coverage | suse enterprise server 15 SP7 | 7.6.10-150400.12.6.1 | fixed
python311-pluggy | suse enterprise desktop 15 SP6 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise desktop 15 SP7 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise sap 15 SP6 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise sap 15 SP7 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise server 15 SP4 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise server 15 SP5 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise server 15 SP6 | 1.5.0-150400.14.10.1 | fixed
python311-pluggy | suse enterprise server 15 SP7 | 1.5.0-150400.14.10.1 | fixed
python311-pytest | suse enterprise desktop 15 SP6 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise desktop 15 SP7 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise sap 15 SP6 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise sap 15 SP7 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise server 15 SP4 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise server 15 SP5 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise server 15 SP6 | 8.3.5-150400.3.9.1 | fixed
python311-pytest | suse enterprise server 15 SP7 | 8.3.5-150400.3.9.1 | fixed
python311-pytest-cov | suse enterprise desktop 15 SP6 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise desktop 15 SP7 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise sap 15 SP6 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise sap 15 SP7 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise server 15 SP4 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise server 15 SP5 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise server 15 SP6 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-cov | suse enterprise server 15 SP7 | 6.2.1-150400.12.6.1 | fixed
python311-pytest-mock | suse enterprise desktop 15 SP6 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise desktop 15 SP7 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise sap 15 SP6 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise sap 15 SP7 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise server 15 SP4 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise server 15 SP5 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise server 15 SP6 | 3.14.0-150400.13.6.1 | fixed
python311-pytest-mock | suse enterprise server 15 SP7 | 3.14.0-150400.13.6.1 | fixed
system-user-pgadmin | suse enterprise desktop 15 SP6 | 8.5-150600.3.6.1 | fixed
system-user-pgadmin | suse enterprise desktop 15 SP7 | 8.5-150600.3.6.1 | fixed
system-user-pgadmin | suse enterprise sap 15 SP6 | 8.5-150600.3.6.1 | fixed
system-user-pgadmin | suse enterprise sap 15 SP7 | 8.5-150600.3.6.1 | fixed
system-user-pgadmin | suse enterprise server 15 SP6 | 8.5-150600.3.6.1 | fixed
system-user-pgadmin | suse enterprise server 15 SP7 | 8.5-150600.3.6.1 | fixed