CVE-2024-48949: Elliptic's verify function omits uniqueness validation
(updated )
The Elliptic package 6.5.5 for Node.js for EDDSA implementation does not perform the required check if the signature proof(s) is within the bounds of the order n of the base point of the elliptic curve, leading to signature malleability. Namely, the verify function in lib/elliptic/eddsa/index.js omits sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg() validation.
This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.
References
- blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof
- github.com/advisories/GHSA-434g-2637-qmqr
- github.com/indutny/elliptic
- github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281
- github.com/indutny/elliptic/compare/v6.5.5...v6.5.6
- nvd.nist.gov/vuln/detail/CVE-2024-48949
- security.netapp.com/advisory/ntap-20241227-0003
Code Behaviors & Features
Detect and mitigate CVE-2024-48949 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →