Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Elliptic 安全漏洞
Vulnerability Description
Elliptic是Fedor Indutny个人开发者的一个 javascript 中的快速椭圆曲线密码库。 Elliptic 6.5.7版本存在安全漏洞,该漏洞源于在其 ECDSA 实现中无法正确验证有效签名。
CVSS Information
N/A
Vulnerability Type
N/A