2302460 – (CVE-2024-42461) CVE-2024-42461 elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed

Bug 2302460 (CVE-2024-42461) - CVE-2024-42461 elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed

Summary: CVE-2024-42461 elliptic: nodejs/elliptic: ECDSA implementation malleability d...

Keywords:
Status:	NEW
Alias:	CVE-2024-42461
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2303237 2303221 2303222 2303223 2303224 2303225
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-02 07:20 UTC by OSIDB Bzimport
Modified:	2025-06-01 08:27 UTC (History)
CC List:	109 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:6738	None	None	None	2024-09-17 19:47:48 UTC
Red Hat Product Errata	RHSA-2024:6779	None	None	None	2024-09-18 19:22:31 UTC
Red Hat Product Errata	RHSA-2024:7759	None	None	None	2024-10-07 15:27:58 UTC
Red Hat Product Errata	RHSA-2024:7994	None	None	None	2024-10-11 01:44:43 UTC

Description OSIDB Bzimport 2024-08-02 07:20:41 UTC

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

Comment 1 errata-xmlrpc 2024-09-17 19:47:48 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.5 for RHEL 8
  multicluster engine for Kubernetes 2.5 for RHEL 9

Via RHSA-2024:6738 https://access.redhat.com/errata/RHSA-2024:6738

Comment 2 errata-xmlrpc 2024-09-18 19:22:30 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9

Via RHSA-2024:6779 https://access.redhat.com/errata/RHSA-2024:6779

Comment 4 errata-xmlrpc 2024-10-07 15:27:57 UTC

This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.6 for RHEL 9
  multicluster engine for Kubernetes 2.6 for RHEL 8

Via RHSA-2024:7759 https://access.redhat.com/errata/RHSA-2024:7759

Comment 5 errata-xmlrpc 2024-10-11 01:44:43 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2024:7994 https://access.redhat.com/errata/RHSA-2024:7994

Note You need to log in before you can comment on or make changes to this bug.

abarbaro
akostadi
alcohan
amasferr
anjoseph
anpicker
asoldano
bbaranow
bdettelb
bmaxwell
bparees
brainfor
brian.stansberry
caswilli
cbartlet
cdaley
cdewolf
chazlett
ckandaga
cmiranda
darran.lofthouse
dhanak
dkreling
dmayorov
doconnor
dosoudil
dsimansk
ecerquei
erack
eric.wittmann
fjuma
gkamathe
gmalinko
gotiwari
gparvin
hasun
hkataria
ibek
istudens
ivassile
iweiss
janstey
jcantril
jchui
jfula
jhe
jhorak
jlledo
jowilson
jprabhak
jrokos
jwendell
kaycoth
kingland
kshier
ktsao
kverlaen
lbainbri
lchilton
lgao
lsharar
matzew
mjaros
mkudlej
mmakovy
mnovotny
mosmerov
msochure
msvehla
mvyas
nboldt
nipatil
njean
nwallace
nyancey
ometelka
owatkins
pahickey
pantinor
pcongius
pdelbell
pesilva
pierdipi
pjindal
pmackay
psrna
ptisnovs
pvasanth
rcernich
rguimara
rhaigner
rhuss
rkubis
rojacob
rstancel
rstepani
rtaniwa
sdawley
sfeifer
smaestri
syedriko
teagle
tjochec
tkral
tom.jenkinson
tpopela
twalsh
wtam
xdharmai