CVE-2020-13822
Signature Malleability vulnerability in elliptic (npm)

What is CVE-2020-13822 About?

This vulnerability in the Elliptic Node.js package allows for ECDSA signature malleability through variations in encoding, leading '\0' bytes, or integer overflows. This could have a security-relevant impact if an application relies on a single canonical signature. Exploitation difficulty would depend on the specific application's reliance on canonical signatures, but modifying signatures is generally a moderate to complex task.

Affected Software

elliptic <6.5.3

Technical Details

The Elliptic package before version 6.5.3 for Node.js is vulnerable to ECDSA signature malleability. This occurs because the package allows for variations in signature encoding, the presence of leading null bytes, or integer overflows during signature generation or verification. Specifically, the ECDSA standard permits multiple valid encodings for a single signature, and this vulnerability arises when an application expects a strict, canonical representation. An attacker could craft a technically valid, but non-canonical, signature for the same message by introducing these variations. If an application's security logic inadvertently assumes a single, unique signature format, an attacker could potentially bypass security controls or impersonate valid transactions by presenting a malleable signature that differs from a previously recorded or expected canonical form, yet still validates cryptographically.

What is the Impact of CVE-2020-13822?

Successful exploitation may allow attackers to bypass security checks, impersonate legitimate entities, or tamper with data integrity if the application logic relies on the strict canonical form of a digital signature.

What is the Exploitability of CVE-2020-13822?

Exploitation of this vulnerability would be complex, requiring a deep understanding of ECDSA cryptography and the Elliptic package's implementation. There are no inherent authentication or privilege requirements to trigger the malleability, as it pertains to the signature itself. Access to the signed data or the ability to inject crafted signatures would typically be needed, implying either local access or remote access to a system processing these signatures. The primary prerequisite is an application that specifically relies on a 'single canonical signature' for its security decisions, meaning most applications might not be directly affected. Risk factors increasing exploitability include applications performing custom signature verification without canonicalization, or those storing signature hashes where a malleable signature might lead to a hash collision.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2020-13822?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

The patch adds stricter DER signature decoding checks by rejecting indefinite or excessively long lengths, forbidding integers with unnecessary leading zeros, and adding return paths for malformed input, which prevents acceptance of non-canonical or ambiguous signatures. This fixes CVE-2020-13822 by mitigating a signature malleability vulnerability in the elliptic library where malformed ECDSA signatures could be interpreted as valid, potentially enabling replay or bypass attacks.
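The checks described above can be illustrated with a strict DER decoder for an ECDSA signature. This is an added example, not code from elliptic or from the Resolved Security patch; the names `readLength`, `readInteger`, `parseStrictDer` and `SAMPLES` are hypothetical and the sample bytes are constructed. It goes slightly beyond the description by also rejecting negative integers and trailing bytes.

```javascript
// Added example, not elliptic's code. Strict DER decoder for an ECDSA signature:
// SEQUENCE { INTEGER r, INTEGER s }. Non-canonical encodings return null.

// Read a DER length at buf[pos.i]; -1 for any form DER forbids.
function readLength(buf, pos) {
  if (pos.i >= buf.length) return -1;
  const first = buf[pos.i++];
  if ((first & 0x80) === 0) return first;            // short form
  const n = first & 0x7f;
  if (n === 0 || n > 4) return -1;                   // indefinite or oversized
  if (pos.i + n > buf.length || buf[pos.i] === 0) return -1;
  let len = 0;
  for (let k = 0; k < n; k++) len = len * 256 + buf[pos.i++]; // no 32-bit shift
  return len < 0x80 ? -1 : len;                      // short form was required
}

// Read one INTEGER; null unless it is a minimal, non-negative encoding.
function readInteger(buf, pos) {
  if (buf[pos.i++] !== 0x02) return null;            // INTEGER tag
  const len = readLength(buf, pos);
  if (len <= 0 || pos.i + len > buf.length) return null;
  const v = buf.subarray(pos.i, pos.i + len);
  if (v[0] & 0x80) return null;                      // would be negative
  if (len > 1 && v[0] === 0 && !(v[1] & 0x80)) return null; // needless 0x00
  pos.i += len;
  return Array.from(v, (b) => b.toString(16).padStart(2, '0')).join('');
}

function parseStrictDer(sig) {
  const buf = Uint8Array.from(sig);
  const pos = { i: 0 };
  if (buf[pos.i++] !== 0x30) return null;            // SEQUENCE tag
  const seqLen = readLength(buf, pos);
  if (seqLen < 0 || pos.i + seqLen !== buf.length) return null; // trailing data
  const r = readInteger(buf, pos);
  const s = r === null ? null : readInteger(buf, pos);
  if (s === null || pos.i !== buf.length) return null;
  return { r, s };
}

// Constructed inputs (toy one-byte r and s, not real signatures).
const SAMPLES = {
  canonical:   [0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02],
  leadingZero: [0x30, 0x07, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x02],
  longLength:  [0x30, 0x81, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02],
  indefinite:  [0x30, 0x80, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02],
  signPadded:  [0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x02],
};
for (const k in SAMPLES) console.log(k, parseStrictDer(SAMPLES[k]));
```

Only `canonical` and `signPadded` decode; the other three carry the same toy values in encodings a strict decoder refuses, which is why an application that stores or compares signature bytes should see one accepted form per signature.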

Available Upgrade Options

  • elliptic
    • <6.5.3 → Upgrade to 6.5.3

Additional Resources

What are Similar Vulnerabilities to CVE-2020-13822?

Similar Vulnerabilities: CVE-2019-17075, CVE-2015-0870, CVE-2014-9907, CVE-2019-15822, CVE-2018-1000021