CNNVD-202507-012 Information

CNNVD ID

CNNVD-202507-012

Related CVE

CVE-2024-49365

• CNNVD Published: 2025-07-01

Description (Chinese)

tiny-secp256k1是bitcoinjs开源的一个包装器。 tiny-secp256k1 1.1.7之前版本存在安全漏洞，该漏洞源于验证恶意JSON可字符串化消息时可能绕过检查，可能导致虚假验证结果。

Description (English)

Tiny-secp256k1 is a packaging unit for the open source of bitcoinjs. A security loophole existed in the previous version of Tiny-secp256k1.1.7 that arose from the possibility of circumventing a check when verifying malicious JSON stringable messages, which could result in a false authentication result.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

bitcoinjs

Published

2025-07-01

Last Modified

2026-02-24

References

https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-5vhg-9xg4-cv9m https://github.com/bitcoinjs/tiny-secp256k1/pull/140 https://access.redhat.com/security/cve/cve-2024-49365

Patch

https://github.com/bitcoinjs/tiny-secp256k1/tags