vulnerability

Red Hat JBoss EAP: CVE-2024-42460: Improper Handling of Length Parameter Inconsistency

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 2, 2024	Sep 19, 2024	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 2, 2024

Added

Sep 19, 2024

Modified

Jul 2, 2025

Description

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.. A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-130
CVE-2024-42460
https://attackerkb.com/topics/CVE-2024-42460
URL-https://access.redhat.com/security/cve/CVE-2024-42460
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2302459
URL-https://github.com/indutny/elliptic/pull/317

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today