CVE-2025-14505

{"id": "CVE-2025-14505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2026-01-08T21:15:42.023", "references": [{"url": "https://github.com/indutny/elliptic/issues/321", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c"}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-14505", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "description": [{"lang": "en", "value": "CWE-1240"}]}], "descriptions": [{"lang": "en", "value": "The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result.\u00a0Furthermore, due to the nature of the fault, attackers could\u2013under certain conditions\u2013derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs.\n\nThis issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1)."}, {"lang": "es", "value": "La implementaci\u00f3n de ECDSA del paquete Elliptic genera firmas incorrectas si un valor intermedio de 'k' (calculado seg\u00fan el paso 3.2 de RFC 6979 HTTPS://datatracker.ietf.org/doc/html/rfc6979 ) tiene ceros iniciales y es susceptible a criptoan\u00e1lisis, lo que puede llevar a la exposici\u00f3n de la clave secreta. Esto ocurre porque la longitud en bytes de 'k' se calcula incorrectamente, lo que resulta en su truncamiento durante el c\u00e1lculo. Las transacciones o comunicaciones leg\u00edtimas se romper\u00e1n como resultado. Adem\u00e1s, debido a la naturaleza del fallo, los atacantes podr\u00edan \u2013bajo ciertas condiciones\u2013 derivar la clave secreta, si pudieran obtener tanto una firma defectuosa generada por una versi\u00f3n vulnerable de Elliptic como una firma correcta para las mismas entradas.\n\nEste problema afecta a todas las versiones conocidas de Elliptic (en el momento de escribir esto, versiones menores o iguales a 6.6.1)."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c"}