
Adelapieo

#16331 of 53,632
16.5 Total CVSS
Vulnerabilities · 2
High
2
PT-2020-13760
8.8
2020-06-07
Unknown · Crypt::Perl · CVE-2020-13895
**Name of the Vulnerable Software and Affected Versions**

Crypt::Perl versions prior to 0.32

**Description**

The issue is related to the verification of ECDSA signatures. Specifically, when using the curve secp256r1 (prime256v1), the verification may fail when `r` and `s` are small and when `s` equals 1. This could potentially have security implications if an attacker attempts to exploit this behavior by using public `r` and `s` values to guess whether signature verification will fail.

**Recommendations**

For versions prior to 0.32, update to version 0.32 or later to resolve the issue.
PT-2020-13705
7.7
2020-06-04
Elliptic · Elliptic · CVE-2020-13822
**Name of the Vulnerable Software and Affected Versions**

Elliptic package versions prior to 6.5.3

**Description**

The issue allows ECDSA signature malleability via variations in encoding, leading '0' bytes, or integer overflows. This could have a security-relevant impact if an application relied on a single canonical signature.

**Recommendations**

For versions prior to 6.5.3, update to version 6.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of ECDSA signatures in applications that rely on a single canonical signature until a patch is available.