CVE-2024-42460
Signature Malleability vulnerability in elliptic (npm)


What is CVE-2024-42460 About?

This is a signature malleability vulnerability in the Elliptic package for Node.js, caused by a missing check on the leading bit of the 'r' and 's' values in ECDSA signatures. The flaw allows an attacker to produce new, valid signatures for a message without knowing the private key. Its impact includes potential repudiation issues and financial fraud; exploitation is complex but impactful.

Affected Software

elliptic >2.0.0, <6.5.7

Technical Details

The vulnerability in Elliptic 6.5.6 for Node.js is an ECDSA signature malleability that stems from a missing check on whether the leading bit of the 'r' and 's' values (the two components of an ECDSA signature) is zero. An ECDSA signature is a pair (r, s). Some implementations also accept (r, -s mod N) as valid for the same message, or do not properly normalize (r, s). The specific flaw here is the failure to enforce the canonical encoding rule that the leading bit of r and s must be zero. This lets an attacker slightly alter a valid signature (r, s) into a different but equally valid signature (r', s') without changing the message or needing the private key. The malleability can be exploited in systems that expect exactly one signature per message, leading to potential transaction replay, altered proof of ownership, or other repudiation issues.

What is the Impact of CVE-2024-42460?

Successful exploitation may allow attackers to create new, valid signatures for a message, potentially leading to transaction repudiation, alteration of proofs of ownership, or other forms of cryptographic fraud where unique signature identity is critical.

What is the Exploitability of CVE-2024-42460?

Exploitation involves modifying an existing valid ECDSA signature so that it becomes another, equally valid signature by manipulating the 'r' and 's' values. The complexity is medium to high, requiring a deep understanding of elliptic curve cryptography and of the specific ECDSA implementation. No authentication or special privileges are required, assuming the attacker has access to a message and its legitimate signature. The attack is local when the attacker can intercept or modify signatures in transit, and remote when they can submit malformed signatures to a service. The primary risk factor is use of the vulnerable Elliptic library in applications where signature uniqueness and non-malleability are critical, such as blockchain transactions or secure communication protocols.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2024-42460?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

This patch adds stricter validation of DER-encoded ECDSA and EdDSA signatures: it rejects invalid leading zero bytes, checks that the object size matches the encoded length, and rejects signature component values whose high bit is set. These input checks prevent signature malleability and improper parsing, fixing CVE-2024-42460, which allowed attackers to present malformed signatures that could otherwise pass cryptographic verification.

Available Upgrade Options

  • elliptic
    • >2.0.0, <6.5.7 → Upgrade to 6.5.7


Additional Resources

What are Similar Vulnerabilities to CVE-2024-42460?

Similar Vulnerabilities: CVE-2018-17182, CVE-2017-1000364, CVE-2018-12497, CVE-2019-10559, CVE-2020-13645