PT-2024-29954 · Elliptic+1

Staypirate · Published 2024-08-02 · Updated 2026-04-26 · CVE-2024-42459

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Elliptic package version 6.5.6

Description: The issue is EdDSA signature malleability caused by a missing signature length check, which allows zero-valued bytes to be removed from or appended to a signature. This is a cryptographic weakness that can be exploited.

Recommendations: For Elliptic package version 6.5.6, patch immediately to prevent exploitation of this weakness.
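The length check the description refers to can also be enforced by the caller before a signature reaches the verifier. The following is an added example, not code from the Elliptic package or from this advisory: it assumes Ed25519 signatures (64 bytes, R || S per RFC 8032), uses the hypothetical helper name `checkSignatureEncoding`, and goes one step beyond the page by also rejecting an S value that is not below the group order, which is the other standard canonical-encoding check.

```javascript
// Added example: strict encoding check to run before EdDSA verification.
// Assumption: Ed25519 per RFC 8032, so a signature is exactly R (32 bytes) || S (32 bytes).
const SIG_LEN = 64;
// Group order L from RFC 8032; a canonical S satisfies 0 <= S < L.
const L = (1n << 252n) + 27742317777372353535851937790883648493n;

// Normalize a hex string, byte array or Uint8Array to bytes; null if malformed.
function toBytes(sig) {
  if (typeof sig === 'string') {
    if (sig.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(sig)) return null;
    const out = new Uint8Array(sig.length / 2);
    for (let i = 0; i < out.length; i++) {
      out[i] = parseInt(sig.slice(2 * i, 2 * i + 2), 16);
    }
    return out;
  }
  if (sig instanceof Uint8Array) return sig;
  const isByte = (b) => Number.isInteger(b) && b >= 0 && b <= 255;
  return Array.isArray(sig) && sig.every(isByte) ? Uint8Array.from(sig) : null;
}

// Hypothetical helper name: call it first and only verify when ok is true.
function checkSignatureEncoding(sig) {
  const bytes = toBytes(sig);
  if (bytes === null) return { ok: false, reason: 'malformed input' };
  if (bytes.length !== SIG_LEN) {
    return { ok: false, reason: `length ${bytes.length}, expected ${SIG_LEN}` };
  }
  let s = 0n; // S is the second half, little-endian
  for (let i = SIG_LEN - 1; i >= 32; i--) s = (s << 8n) | BigInt(bytes[i]);
  if (s >= L) return { ok: false, reason: 'S is not below the group order' };
  return { ok: true, reason: 'ok' };
}

// Constructed sample: placeholder bytes, not a real signature; last byte is zero.
const sample = new Uint8Array(SIG_LEN).fill(0x11);
sample[SIG_LEN - 1] = 0x00;
const appended = Uint8Array.from([...sample, 0x00]); // zero byte appended
const truncated = sample.slice(0, SIG_LEN - 1);      // trailing zero removed

function demo() {
  return [sample, appended, truncated].map((s) => checkSignatureEncoding(s).ok);
}
console.log(demo()); // [ true, false, false ]
```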

Exploit

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

AZL-47421
CVE-2024-42459
GHSA-F7Q4-PWC6-W24P
OPENSUSE-SU-2025:14663-1

Affected Products

Debian
Elliptic