CVE-2024-42461
Signature Malleability vulnerability in elliptic (npm)
What is CVE-2024-42461 About?
This is a signature malleability vulnerability in the Elliptic package for Node.js, which accepts BER-encoded signatures. This flaw enables attackers to create new, valid signatures for a message without possessing the private key. The impact includes potential repudiation and fraud, and while exploitation can be intricate, its consequences are significant.
Affected Software
Technical Details
The vulnerability in Elliptic package 6.5.6 for Node.js is due to ECDSA signature malleability stemming from the acceptance of BER (Basic Encoding Rules)-encoded signatures. While DER (Distinguished Encoding Rules) mandates a canonical way to encode signatures, flexible BER encoding schemes can allow for multiple valid representations of the same mathematical signature. By exploiting this flexibility, an attacker can receive a valid signature, re-encode it using an alternative BER format, and produce a new signature that is byte-for-byte different but cryptographically equivalent. This new signature will pass verification against the original message and public key, despite not being the original signature produced, leading to issues like transaction replay or repudiation in systems expecting a unique signature for a unique message.
What is the Impact of CVE-2024-42461?
Successful exploitation may allow attackers to create new, valid signatures for a message, potentially leading to transaction repudiation, alteration of proofs of ownership, or other forms of cryptographic fraud where unique signature identity is critical.
What is the Exploitability of CVE-2024-42461?
Exploitation involves re-encoding existing valid ECDSA signatures using a non-canonical BER format. The complexity is medium to high, requiring a solid understanding of cryptographic signature encoding schemes and the Elliptic library's parsing logic. No authentication or specific privileges are required to perform the re-encoding, assuming the attacker has access to a message and its legitimate signature. This can be a local attack if the attacker intercepts or modifies data, or remote if a service accepts and re-processes BER-encoded signatures from external sources. The primary risk factor is the library's leniency in accepting non-canonical signature encodings, particularly in contexts where strict signature uniqueness is expected.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| fevar54 | Link | Problems have been identified in ECDSA and EdDSA signature verification in the Wycheproof project. Missing checks during the signature decoding stage allow adding or... |
What are the Available Fixes for CVE-2024-42461?
About the Fix from Resolved Security
This patch adds additional validation checks when parsing ECC and EdDSA signatures to reject improperly formatted signatures, such as those with leading zeroes or invalid length and high-bit encodings. By enforcing stricter DER and signature size requirements, it mitigates the risk of signature malleability or acceptance of non-canonical signatures, thereby fixing the vulnerability CVE-2024-42461.
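The kind of checks described above, written as a stand-alone strict-DER validator an application could run on an ECDSA signature before verification. This is an added example, not the elliptic patch or Resolved Security's code; the function names are hypothetical and the sample byte strings use constructed toy values for r and s.

```javascript
// Added example: strict DER check for SEQUENCE { INTEGER r, INTEGER s }. Names are hypothetical.
function readDerLength(buf, pos) {
  // Returns { len, next }, or null when the length is not minimally encoded.
  if (pos >= buf.length) return null;
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 };        // short form
  const n = first & 0x7f;
  if (n === 0 || n > 2 || pos + 1 + n > buf.length) return null; // indefinite, oversized, truncated
  if (buf[pos + 1] === 0) return null;                           // leading zero in length octets
  let len = 0;
  for (let i = 0; i < n; i++) len = (len << 8) | buf[pos + 1 + i];
  if (len < 0x80) return null;                                   // long form where short form fits
  return { len, next: pos + 1 + n };
}

function readDerPositiveInt(buf, pos) {
  // Returns the offset just past the INTEGER, or -1 if it is not canonical.
  if (buf[pos] !== 0x02) return -1;
  const l = readDerLength(buf, pos + 1);
  if (l === null || l.len === 0 || l.next + l.len > buf.length) return -1;
  const b0 = buf[l.next];
  if (b0 & 0x80) return -1;                                      // high bit set: negative value
  if (b0 === 0 && l.len > 1 && !(buf[l.next + 1] & 0x80)) return -1; // unnecessary leading zero
  return l.next + l.len;
}

function isStrictDerEcdsaSig(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return false;
  const seq = readDerLength(buf, 1);
  if (seq === null || seq.next + seq.len !== buf.length) return false; // no trailing bytes
  const afterR = readDerPositiveInt(buf, seq.next);
  if (afterR < 0) return false;
  return readDerPositiveInt(buf, afterR) === buf.length;         // s must end the buffer
}

// Constructed samples (toy r and s, not real signatures).
const SAMPLES = {
  canonical:      '300802027f0102020080',
  longFormLength: '30810802027f0102020080',
  leadingZeroInR: '30090203007f0102020080',
  highBitInS:     '300702027f01020180',
  trailingByte:   '300802027f010202008000',
};

function classifySamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(
    ([name, hex]) => [name, isStrictDerEcdsaSig(Buffer.from(hex, 'hex'))]));
}
console.log(classifySamples());
```

Only the `canonical` sample is accepted. A pre-check like this does not replace upgrading to 6.5.7.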
Available Upgrade Options
- elliptic
- >5.2.1, <6.5.7 → Upgrade to 6.5.7
Additional Resources
- https://github.com/indutny/elliptic
- https://github.com/indutny/elliptic/pull/317
- https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11
- https://nvd.nist.gov/vuln/detail/CVE-2024-42461
- https://osv.dev/vulnerability/GHSA-49q7-c7j4-3p7m
What are Similar Vulnerabilities to CVE-2024-42461?
Similar Vulnerabilities: CVE-2018-17182, CVE-2017-1000364, CVE-2018-12497, CVE-2019-10559, CVE-2020-13645
