CVE-2024-42461

Publication date 2 August 2024

Last updated 11 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

Status

Package Ubuntu Release Status
node-elliptic 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
25.04 plucky Ignored end of life, was needs-triage
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Ignored end of standard support, was needs-triage
18.04 LTS bionic
Needs evaluation

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.3 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Other references

Access our resources on patching vulnerabilities