Staypirate

**Name of the Vulnerable Software and Affected Versions** Elliptic package version 6.5.6 **Description** The issue concerns EDDSA signature malleability due to a missing signature length check, allowing zero-valued bytes to be removed or appended. This is a cryptographic weakness that can be exploited. **Recommendations** For Elliptic package version 6.5.6, patch immediately to prevent exploitation of this weakness.

**Name of the Vulnerable Software and Affected Versions** Elliptic package version 6.5.6 **Description** The issue concerns ECDSA signature malleability due to a missing check for whether the leading bit of `r` and `s` is zero. This results in a cryptographic weakness. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Elliptic package version 6.5.6, apply the available patch immediately to mitigate risks. As a temporary workaround, consider adding a check for the leading bit of `r` and `s` to prevent ECDSA signature malleability until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Elliptic package version 6.5.6 **Description** ECDSA signature malleability occurs in the Elliptic package because BER-encoded signatures are allowed. This issue affects the Elliptic package for Node.js. **Recommendations** For Elliptic package version 6.5.6, consider updating to a newer version that addresses the ECDSA signature malleability issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KeePassXC version 2.7.7 **Description** The issue allows an attacker with victim privileges to recover cleartext credentials via a memory dump. It is noted that the vendor disputes this, citing memory-management constraints that make this unavoidable in the current design and other realistic designs. **Recommendations** For KeePassXC version 2.7.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KeePassXC version 2.7.7 **Description** The issue allows an attacker, who has the privileges of the victim, to recover some passwords stored in the .kdbx database via a memory dump. The vendor disputes this, citing memory-management constraints that make this unavoidable in the current design and other realistic designs. **Recommendations** For KeePassXC version 2.7.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.