CVE-2024-48949

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 347

Summary

CVE-2024-48949 is a critical vulnerability found in the verify function of the Elliptic package, specifically in lib/elliptic/eddsa/index.js, affecting versions prior to 6.5.6 for Node.js. The vulnerability arises from the omission of essential validation checks for cryptographic signatures, which can lead to both high confidentiality and integrity impacts when exploited over a network. Affected products include zVBRyZ, zXQp1H, zVBRyY, zWXA7a, zVBRyX, and zXQp1I. Organizations are advised to remediate this issue by updating their Elliptic package to version 6.5.6 or later as detailed in the provided GitHub references. Failure to address this vulnerability may expose systems to significant security risks due to improper verification of cryptographic signatures (CWE-347).

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share