Vulnerability Information
Vulnerability Title
tiny-secp256k1 allows for verify() bypass when running in bundled environment
Vulnerability Description
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifiable message can be made to pass verify() when the global Buffer is the buffer package. This affects only environments where require('buffer') resolves to the NPM buffer package. In those environments the Buffer.isBuffer check can be bypassed, so strange objects are accepted as a message, and such messages can trick verify() into returning a false-positive true value. This issue has been patched in version 1.1.7.
CVSS Information
N/A
Vulnerability Type
Improper Verification of Cryptographic Signature
Vulnerability Title
tiny-secp256k1 security vulnerability
Vulnerability Description
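tiny-secp256k1 is an open-source wrapper from bitcoinjs. Versions of tiny-secp256k1 prior to 1.1.7 contain a security vulnerability: when a malicious JSON-stringifiable message is verified, the checks may be bypassed, which may lead to false verification results.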
CVSS Information
N/A
Vulnerability Type
N/A