PT-2020-13705 · Elliptic · Elliptic

Adelapieo · Published 2020-06-04 · Updated 2024-10-16 · CVE-2020-13822

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions
Elliptic package versions prior to 6.5.3

Description
The issue allows ECDSA signature malleability via variations in encoding, leading '0' bytes, or integer overflows. This could have a security-relevant impact if an application relied on a single canonical signature.

Recommendations
For versions prior to 6.5.3, update to version 6.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of ECDSA signatures in applications that rely on a single canonical signature until a patch is available.
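
The encoding variations named in the description (superfluous leading zero bytes, non-minimal length fields, trailing data) can be rejected by a strict DER check before an application treats a signature as canonical. The following is an added example, not code from the Elliptic package or its 6.5.3 fix; the function names and sample bytes are constructed for illustration, and it assumes DER-encoded signatures on curves of at most 521 bits.

```javascript
// Added example: strict DER check for an ECDSA signature (SEQUENCE of two INTEGERs).
// Function names and sample bytes are constructed; this is not the Elliptic API.

// Read a DER length at buf[pos]; accept only the minimal encoding.
function readLen(buf, pos) {
  if (pos >= buf.length) throw new Error('truncated length');
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 }; // short form
  // Assumption: one length byte (0x81) covers curves up to 521 bits and bounds the value.
  if (first !== 0x81 || pos + 1 >= buf.length) throw new Error('unsupported or truncated length');
  const len = buf[pos + 1];
  if (len < 0x80) throw new Error('non-minimal long-form length');
  return { len, next: pos + 2 };
}

// Read a positive, minimally encoded INTEGER; return its bytes and the next offset.
function readInt(buf, pos) {
  if (buf[pos] !== 0x02) throw new Error('expected INTEGER tag');
  const { len, next } = readLen(buf, pos + 1);
  if (len === 0 || next + len > buf.length) throw new Error('bad INTEGER length');
  const v = buf.subarray(next, next + len);
  if (v[0] & 0x80) throw new Error('negative INTEGER');
  if (len > 1 && v[0] === 0x00 && !(v[1] & 0x80)) throw new Error('superfluous leading zero');
  return { value: v, next: next + len };
}

// Parse a signature; throws unless the bytes are the single canonical DER form.
function parseStrictDer(sig) {
  const buf = Uint8Array.from(sig);
  if (buf[0] !== 0x30) throw new Error('expected SEQUENCE tag');
  const { len, next } = readLen(buf, 1);
  if (next + len !== buf.length) throw new Error('length mismatch or trailing bytes');
  const r = readInt(buf, next);
  const s = readInt(buf, r.next);
  if (s.next !== buf.length) throw new Error('trailing bytes inside SEQUENCE');
  return { r: Array.from(r.value), s: Array.from(s.value) };
}

function isCanonical(sig) {
  try { parseStrictDer(sig); return true; } catch (e) { return false; }
}

// Constructed samples: r = 7f 01, s = 00 80 02 (that zero is required: high bit set).
const canonical   = [0x30, 0x09, 0x02, 0x02, 0x7f, 0x01, 0x02, 0x03, 0x00, 0x80, 0x02];
const paddedR     = [0x30, 0x0a, 0x02, 0x03, 0x00, 0x7f, 0x01, 0x02, 0x03, 0x00, 0x80, 0x02];
const longFormLen = [0x30, 0x81, 0x09, 0x02, 0x02, 0x7f, 0x01, 0x02, 0x03, 0x00, 0x80, 0x02];
console.log([canonical, paddedR, longFormLen].map(isCanonical));
```

All three samples carry the same r and s values; only the first is the canonical encoding, so an application that stores or compares signature bytes should accept only that form.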

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-13822
GHSA-VH7M-P724-62C2

Affected Products

Elliptic