CVE-2024-48948
Authentication Bypass vulnerability in elliptic (npm)
What is CVE-2024-48948 About?
The Elliptic library prior to 6.6.0 for Node.js, specifically in its ECDSA implementation, incorrectly rejects valid signatures if the hash contains at least four leading zero bytes and the curve's base point order is smaller than the hash. This leads to legitimate transactions or communications being incorrectly flagged as invalid. This vulnerability is complex to exploit directly for malicious purposes but can disrupt services.
Affected Software
Technical Details
The vulnerability in the Elliptic library before version 6.6.0, affecting its ECDSA implementation in Node.js, stems from an '_truncateToN anomaly'. This anomaly causes the library to reject valid ECDSA signatures under specific conditions: when the hash of the signed message contains at least four leading zero bytes, and simultaneously, the order of the elliptic curve's base point 'n' is smaller than the hash itself. In these rare but possible circumstances, the signature verification logic fails, leading to legitimate data (transactions, messages) being incorrectly deemed invalid. This can result in denial of service for legitimate users or disruption of systems relying on correct signature verification.
What is the Impact of CVE-2024-48948?
Successful exploitation may allow attackers to cause legitimate transactions or communications to be rejected, leading to denial of service, rejection of valid data, or disruption of cryptographic workflows.
What is the Exploitability of CVE-2024-48948?
Exploitation of this vulnerability is very complex due to the highly specific cryptographic conditions required. The primary prerequisite is that the ECDSA signature being verified must be generated from a hash with at least four leading zero bytes, and the elliptic curve's base point order must be smaller than the hash. An attacker does not directly 'exploit' this to gain unauthorized access but rather exploits it to cause legitimate operations to fail. There are no authentication or privilege requirements to trigger the vulnerability, as it affects the verification logic itself. This can be considered a remote vulnerability if the ECDSA verification happens in a network service. The likelihood of encountering these specific cryptographic conditions is extremely low, making direct malicious exploitation difficult, but it can lead to availability issues for legitimate transactions.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-48948?
About the Fix from Resolved Security
This patch ensures that when truncating message hashes for ECDSA signing and verification, the bit length is accurately determined and can be explicitly specified, preserving leading zeros and preventing hash length mismatches. This correct handling addresses CVE-2024-48948, which allowed certain valid signatures to be rejected or incorrectly processed because leading zeros were discarded, resulting in incorrect signature verification behavior.
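The effect described under Technical Details and addressed by this fix, as an added example (a simplified model, not the elliptic library's code): when the hash's length is derived from its integer value, leading zero bytes no longer count and the truncation shift comes out too small. The helper names, the 224-bit stand-in for `n` and the sample hashes are constructed for illustration.

```javascript
// Simplified model of ECDSA hash truncation; all helper names are hypothetical.
const bytesToBigInt = (bytes) =>
  bytes.reduce((acc, b) => (acc << 8n) | BigInt(b), 0n);

const bitLength = (x) => (x === 0n ? 0 : x.toString(2).length);
const byteLength = (x) => Math.ceil(bitLength(x) / 8);

// Length taken from the integer: leading zero bytes of the hash are already lost.
function truncateFromInteger(hashBytes, n) {
  const z = bytesToBigInt(hashBytes);
  const delta = byteLength(z) * 8 - bitLength(n);
  return delta > 0 ? z >> BigInt(delta) : z;
}

// Length taken from the byte array (or given explicitly): leading zeros still count.
function truncateFromBytes(hashBytes, n, msgBitLength = hashBytes.length * 8) {
  const z = bytesToBigInt(hashBytes);
  const delta = msgBitLength - bitLength(n);
  return delta > 0 ? z >> BigInt(delta) : z;
}

// Constructed inputs: a 224-bit stand-in for a group order (not a real curve parameter).
const n = (1n << 224n) - 1n;
// Constructed 32-byte hashes: one with four leading zero bytes, one without.
const hashWithZeros = Uint8Array.from({ length: 32 }, (_, i) => (i < 4 ? 0 : 0xa0 + i));
const hashNoZeros = Uint8Array.from({ length: 32 }, (_, i) => 0xa0 + i);

// Run both truncations on the same hash and report whether they agree.
function compare(hashBytes) {
  const fromInt = truncateFromInteger(hashBytes, n);
  const fromBytes = truncateFromBytes(hashBytes, n);
  return { fromInt, fromBytes, agree: fromInt === fromBytes };
}

console.log('no leading zeros  :', compare(hashNoZeros).agree);   // true
console.log('four leading zeros:', compare(hashWithZeros).agree); // false
```

A verifier that truncates one way while the signer truncated the other derives a different integer from the same hash, so a valid signature fails verification.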
Available Upgrade Options
- elliptic
- <6.6.0 → Upgrade to 6.6.0
Additional Resources
- https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf
- https://security.netapp.com/advisory/ntap-20241220-0004/
- https://github.com/indutny/elliptic
- https://osv.dev/vulnerability/GHSA-fc9h-whq2-v747
- https://github.com/indutny/elliptic/issues/321
- https://github.com/indutny/elliptic/pull/322
- https://nvd.nist.gov/vuln/detail/CVE-2024-48948
What are Similar Vulnerabilities to CVE-2024-48948?
Similar Vulnerabilities: CVE-2023-40431, CVE-2023-28405, CVE-2022-33989, CVE-2021-36159, CVE-2020-25659
