CVE-2024-42459 Information

Description

In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.

Reference

https://github.com/indutny/elliptic/pull/317