The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows.

Hi

Issue:

```
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, 
leading '\0' bytes, or integer overflows. 

This could conceivably have a security-relevant impact if an application relied on a  
single canonical signature. I'm using Elliptic 6.5.3 version but still I'm facing this issue in my project.
```

Could you please let me know what could be the reason for this?

```
I tried npm install elliptic@6.5.3
and
npm audit fix
and I played around lot of other ways but still issue persists.
```

Thanks

Image reference:

**

> Note: Actually, this issue is throwing by node-libs-browser. node-libs-browser is internally using few packages and those packages are internally using elliptic.

**

![image](https://user-images.githubusercontent.com/39646194/95439792-ba847a80-0975-11eb-8960-5e8756e2658f.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. #102

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. #102

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions