vulnerability

Red Hat JBossEAP: Improper Verification of Cryptographic Signature (CVE-2024-42461)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 2, 2024	Sep 19, 2024	Dec 20, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 2, 2024

Added

Sep 19, 2024

Modified

Dec 20, 2024

Description

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.. A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.

Solution

red-hat-jboss-eap-upgrade-latest

References

CVE-2024-42461
https://attackerkb.com/topics/CVE-2024-42461
URL-https://access.redhat.com/security/cve/CVE-2024-42461
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2302460
URL-https://github.com/indutny/elliptic/pull/317

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today