CNNVD-202507-011 Information

CNNVD ID

CNNVD-202507-011

Related CVE

CVE-2024-49364

• CNNVD Published: 2025-07-01

Description (Chinese)

tiny-secp256k1是bitcoinjs开源的一个包装器。 tiny-secp256k1 1.1.7之前版本存在安全漏洞，该漏洞源于签名恶意JSON可字符串化对象时可能泄露私钥，可能导致私钥提取。

Description (English)

Tiny-secp256k1 is a packaging unit for the open source of bitcoinjs. There is a security loophole in the previous version of Tiny-secp256k1.1.7 that arises from the possibility of leaking a private key when signing a malicious JSON serialized object, which may lead to private key extraction.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

bitcoinjs

Published

2025-07-01

Last Modified

2026-02-24

References

https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc https://github.com/bitcoinjs/tiny-secp256k1/pull/140 https://access.redhat.com/security/cve/cve-2024-49364

Patch

https://github.com/bitcoinjs/tiny-secp256k1/tags