
#44881 of 53,608
5.6 Total CVSS
Vulnerabilities · 1
PT-2026-1743
5.6
2026-01-08
Elliptic · Elliptic · CVE-2025-14505
**Name of the Vulnerable Software and Affected Versions**

Elliptic versions prior to 6.6.2

**Description**

The ECDSA implementation within the Elliptic package produces incorrect signatures when an interim value of `k` (calculated according to step 3.2 of RFC 6979) contains leading zeros, making it susceptible to cryptanalysis and potentially exposing the secret key. This occurs because the byte-length of `k` is calculated incorrectly, leading to truncation during computation. This can disrupt legitimate transactions or communications. An attacker, under specific conditions, could derive the secret key by obtaining both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs.

**Recommendations**

Update to Elliptic version 6.6.2 or later.
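
One way to check a project against the recommendation above, as an added example that is not part of the advisory or the Elliptic project: a lockfile scan that reports every installed copy of `elliptic` below 6.6.2, including copies nested under other dependencies. It assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3); the sample lockfile and the package names `demo-app`, `example-wallet` and `elliptic-helper` are constructed for illustration.

```javascript
// Added example: flag elliptic installs older than the fixed release (6.6.2).
const FIXED = [6, 6, 2]; // first fixed version, taken from the advisory

// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b (numeric, per component).
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map of an npm lockfile (assumed lockfileVersion 2 or 3)
// and return every elliptic install below the fixed version, nested copies included.
function findVulnerableElliptic(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/elliptic"; match the last segment only.
    if (path.split("node_modules/").pop() !== "elliptic") continue;
    const ver = parseVersion(meta.version);
    // Unparseable versions are reported too, so they get a manual look.
    if (ver === null || isOlder(ver, FIXED)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (hypothetical project and package names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/elliptic": { version: "6.6.2" },
    "node_modules/example-wallet/node_modules/elliptic": { version: "6.5.4" },
    "node_modules/elliptic-helper": { version: "1.0.0" },
  },
};

for (const hit of findVulnerableElliptic(sampleLock)) {
  console.log(`elliptic ${hit.version} at ${hit.path} is below 6.6.2`);
}
```

A nested hit means the top-level dependency that pulls in the old copy also needs updating or an override, since bumping only the direct `elliptic` entry leaves the nested install in place.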