Bug 2428154 (CVE-2025-14505) - CVE-2025-14505 elliptic: Key handling flaws in Elliptic
Summary: CVE-2025-14505 elliptic: Key handling flaws in Elliptic
Keywords:
Status: NEW
Alias: CVE-2025-14505
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2428354 2428356 2428357 2428359 2428360 2428361 2428364 2428365 2428368 2428369 2428372 2428355 2428358 2428362 2428363 2428366 2428367 2428370 2428371
Blocks:
Reported: 2026-01-08 22:01 UTC by OSIDB Bzimport
Modified: 2026-01-09 22:33 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-01-08 22:01:43 UTC
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could, under certain conditions, derive the secret key if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs.

This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).

