Description
The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve’s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected.
Recommendation
Update the elliptic package to the latest compatible version. Followings are version details:
- Affected version(s): < 6.6.0
- Patched version(s): 6.6.0
References
- GHSA-fc9h-whq2-v747
- security.netapp.com
- blog.trailofbits.com
- CVE-2024-48948
- CWE-347
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A6
Related Issues
- Elliptic Uses a Broken or Risky Cryptographic Algorithm - CVE-2020-28498
- Elliptic's ECDSA missing check for whether leading bit of r and s is zero - CVE-2024-42460
- Elliptic's EDDSA missing signature length check - CVE-2024-42459
- DOMPurify vulnerable to tampering by prototype polution - CVE-2024-48910
- Tags:
- npm
- elliptic
Anything's wrong? Let us know Last updated on November 27, 2025