CVE-2022-41340

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41340

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41340.json

Aliases

GHSA-q3f4-9h4p-vgr3

Published

2022-09-24T19:15:08Z

Modified

2023-11-29T09:51:18.453363Z

Details

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

References

Affected packages

Git / github.com/lionello/secp256k1-js

Affected ranges

Type: GIT
Repo: https://github.com/lionello/secp256k1-js
Events: Introduced

0The exact introduced commit is unknown

Fixed

302800f0370b42e360a33774bb808274ac729c2e

Affected versions

1.*

1.0.0