Elliptic Uses a Cryptographic Primitive with a Risky Implementation

Description

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of ‘k’ (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 6.6.1

References

• GHSA-848j-6mx2-7j84
• www.herodevs.com
• CVE-2025-14505
• CWE-1240
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Elliptic Uses a Broken or Risky Cryptographic Algorithm - CVE-2020-28498
• Manifest Uses a One-Way Hash without a Salt - CVE-2025-27408
• crypto-js uses insecure random numbers - CVE-2020-36732
• The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended - CVE-2025-54885

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

elliptic