VulnerableCode Package Details - pkg:npm/elliptic@6.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-ew32-3yaw-hfgg Aliases: CVE-2025-14505 GHSA-848j-6mx2-7j84	Elliptic Uses a Cryptographic Primitive with a Risky Implementation The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).	There are no reported fixed by versions.
VCID-naf1-wstu-budj Aliases: GHSA-vjh7-7g9h-fjfh	Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that `elliptic` by design accepts hex strings as one of the possible input types	6.6.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ew32-3yaw-hfgg
Aliases:
CVE-2025-14505
GHSA-848j-6mx2-7j84

Elliptic Uses a Cryptographic Primitive with a Risky Implementation The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).

There are no reported fixed by versions.

VCID-naf1-wstu-budj
Aliases:
GHSA-vjh7-7g9h-fjfh

Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that `elliptic` by design accepts hex strings as one of the possible input types

6.6.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-p89g-d93c-ekfn	Valid ECDSA signatures erroneously rejected in Elliptic The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.	CVE-2024-48948 GHSA-fc9h-whq2-v747

Vulnerability

Summary

Aliases

VCID-p89g-d93c-ekfn

Valid ECDSA signatures erroneously rejected in Elliptic The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.

CVE-2024-48948
GHSA-fc9h-whq2-v747

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T06:36:30.118269+00:00	GitLab Importer	Affected by	VCID-ew32-3yaw-hfgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/elliptic/CVE-2025-14505.yml	38.6.0
2026-06-06T05:39:41.299012+00:00	GitLab Importer	Affected by	VCID-naf1-wstu-budj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/elliptic/GHSA-vjh7-7g9h-fjfh.yml	38.6.0
2026-06-05T21:50:12.367882+00:00	GHSA Importer	Fixing	VCID-p89g-d93c-ekfn	https://github.com/advisories/GHSA-fc9h-whq2-v747	38.6.0
2026-06-04T16:44:34.185084+00:00	GithubOSV Importer	Fixing	VCID-p89g-d93c-ekfn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-fc9h-whq2-v747/GHSA-fc9h-whq2-v747.json	38.6.0
2026-06-04T16:22:25.771900+00:00	GitLab Importer	Fixing	VCID-p89g-d93c-ekfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/elliptic/CVE-2024-48948.yml	38.6.0