
Cloud Vulnerability DB
A community-led vulnerabilities database
The Elliptic package 6.5.7 for Node.js contains a vulnerability in its ECDSA implementation: it does not correctly verify valid signatures when the hash contains at least four leading 0 bytes and the order of the elliptic curve's base point is smaller than the hash. This vulnerability, tracked as CVE-2024-48948, was discovered in October 2024 and causes valid signatures to be incorrectly rejected (NVD).
The vulnerability stems from an anomaly in the _truncateToN function, which mishandles message digests with leading zero bytes. The library converts the message to a BN instance, and because a BN stores only the integer value, byteLength() reports a shorter length than the actual digest whenever the digest has 8 or more leading zero bits. According to FIPS 186-5 section 6.4.2, the hash of the message must be truncated according to the order n of the base point of the elliptic curve, but with the under-reported length this adjustment is not performed correctly (GitHub PR).
The vulnerability causes legitimate transactions or communications to be incorrectly flagged as invalid. Research has shown that approximately 1 in 256 signatures with vulnerable curves are incorrect, and in some cases, such as with ECDSA over secp521r1 with SHA-512, it's possible to recover the private key from one faulty signature and the corresponding correct signature (GitHub Issue).
The vulnerability has been fixed in version 6.6.0 of the Elliptic package. However, updating from the broken version to a correct implementation requires a key revocation, as users risk generating both correct and broken signatures during the transition. The fix involves properly handling message bit lengths and providing an optional msgBitLength parameter to both sign and verify functions (GitHub PR).
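To make the truncation defect and the shape of the fix concrete, the following is an added example (not the elliptic project's code) that implements FIPS 186-5 hash truncation with BigInt in two ways: one that takes the digest length from the byte array, with an optional msgBitLength override like the one the fix introduces, and one that derives it from the parsed integer the way the flawed byteLength() path does. The curve order is secp256k1's n; the 64-byte digests are constructed stand-ins for SHA-512 output.

```javascript
// Added example, not the elliptic library's code: ECDSA hash truncation
// (FIPS 186-5 6.4.2) done correctly and done the flawed way, to show why a
// digest with a leading zero byte yields a different z when the digest's
// length is taken from the parsed integer instead of from the digest itself.

// Order n of secp256k1's base point (256 bits). Any curve whose n is shorter
// than the digest exhibits the effect.
const SECP256K1_N = BigInt(
  '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Number of bits needed to represent a non-negative BigInt.
function bitLength(x) {
  return x === 0n ? 0 : x.toString(2).length;
}

// Big-endian bytes -> BigInt. Leading zero bytes do not change the value,
// which is exactly why the integer alone cannot tell us the digest length.
function bytesToBigInt(bytes) {
  return bytes.reduce((acc, b) => (acc << 8n) | BigInt(b), 0n);
}

// Correct truncation: keep the leftmost bitlen(n) bits of the digest. The
// digest length comes from the byte array, or from an explicit msgBitLength
// (mirroring the optional parameter the fix adds to sign and verify).
function truncateToN(hashBytes, n, msgBitLength = hashBytes.length * 8) {
  let e = bytesToBigInt(hashBytes);
  const delta = msgBitLength - bitLength(n);
  if (delta > 0) e >>= BigInt(delta);
  return e;
}

// Flawed variant: digest length derived from the integer's own byte length.
// Each leading zero byte shortens the shift by 8 bits, so 8 low bits of the
// digest that should have been discarded end up in z.
function truncateToNFlawed(hashBytes, n) {
  let e = bytesToBigInt(hashBytes);
  const byteLength = Math.ceil(bitLength(e) / 8);
  const delta = byteLength * 8 - bitLength(n);
  if (delta > 0) e >>= BigInt(delta);
  return e;
}

// Constructed 64-byte digest (stand-in for SHA-512 output) with a chosen first byte.
function sampleDigest(firstByte) {
  const d = new Uint8Array(64);
  d[0] = firstByte;
  for (let i = 1; i < 64; i++) d[i] = (i * 37 + 11) & 0xff;
  return d;
}

// Do both truncations agree for a digest starting with firstByte?
function truncationsAgree(firstByte) {
  const d = sampleDigest(firstByte);
  return truncateToN(d, SECP256K1_N) === truncateToNFlawed(d, SECP256K1_N);
}

console.log('no leading zero byte:', truncationsAgree(0x8a));  // true
console.log('one leading zero byte:', truncationsAgree(0x00)); // false
```

With a zero first byte the flawed result is the correct z shifted left by 8 bits with the digest's 33rd byte appended, so a signer and a verifier disagreeing on this path reject each other's otherwise valid signatures.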
The vulnerability has gained attention from major organizations, with NetApp conducting investigations across their product line to identify potential impacts. The security community has actively discussed the implications, particularly focusing on the potential impact on systems using ethers 5, which depends on the affected elliptic package (NetApp Advisory).
Source: This report was generated using AI