The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| elliptic(npm) | 0 | 6.5.3 | N/A |
CVSS Metrics
