CVE-2022-41340 – A security issue in ECDSA verify (25th Sep 2022)

Preface: The term vanilla JavaScript refers to pure (plain) JavaScript without any additional library.

Background: secp256k1-js is a pure JavaScript implementation of secp256k1 ECDSA signing, verification and public-key recovery. The code works as-is in both browsers and Node.js, without the need for a bundler. See this link for details – https://github.com/lionello/secp256k1-js

Vulnerability details: The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without the required validation of the signature scalars r and s, leading to signature forgery. See this link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-41340

Ref: Signature forgery – a vulnerability in the signing or verification process that allows an attacker to produce signatures that verify as valid without knowing the shared secret.

Design defect: The ecverify function does not reject a signature whose `sig.r` and `sig.s` are both 0, so an attacker can construct a malicious signature (0, 0) that passes verification for arbitrary messages.
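The missing check, as an added example that is not code from secp256k1-js: a compact-signature parser and a pre-verification guard that rejects any r or s outside [1, n-1] and refuses to invert a non-invertible s. The function names and the hex layout (r || s, 32 bytes each) are assumptions of this example; the curve order n is the public secp256k1 constant.

```javascript
// Order n of the secp256k1 base point (public curve constant).
const SECP256K1_N = BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");

// Parse a 64-byte compact signature (r || s as 128 hex chars) into BigInts.
// Layout and function name are assumptions of this example.
function parseCompactSignature(hex) {
  if (typeof hex !== "string" || !/^[0-9a-fA-F]{128}$/.test(hex)) {
    throw new Error("signature must be 64 bytes of hex (r || s)");
  }
  return { r: BigInt("0x" + hex.slice(0, 64)), s: BigInt("0x" + hex.slice(64)) };
}

// SEC 1 verification step 1: each scalar must lie in [1, n-1].
function isValidScalar(x, n = SECP256K1_N) {
  return typeof x === "bigint" && x >= 1n && x < n;
}

function validateSignature(sig, n = SECP256K1_N) {
  return isValidScalar(sig.r, n) && isValidScalar(sig.s, n);
}

// Modular inverse by extended Euclid. Throws on non-invertible input
// instead of silently returning a value the verifier would then use.
function modInverse(a, m) {
  a = ((a % m) + m) % m;
  if (a === 0n) throw new Error("no inverse: input is 0 mod m");
  let [oldR, r] = [a, m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r; // BigInt division truncates
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error("no inverse: gcd != 1");
  return ((oldS % m) + m) % m;
}

// Guard to run before any curve arithmetic in ECDSA verify: returns
// w = s^-1 mod n only for a well-formed signature, otherwise rejects.
function precheckVerify(sigHex, n = SECP256K1_N) {
  const sig = parseCompactSignature(sigHex);
  if (!validateSignature(sig, n)) {
    return { ok: false, reason: "r or s out of [1, n-1]" };
  }
  return { ok: true, w: modInverse(sig.s, n) };
}
```

A verifier that runs this guard first rejects the all-zero signature before computing u1 and u2, which is the behaviour the 1.1.0 fix restores.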

Remedy: Upgrading to version 1.1.0 resolves the issue.

Current possibility of exploitation: No technical details are available. The vulnerability is less well known than average, and there are no public exploits available.

Observation: "Can a hacker recover the private key from the public key?" Well, the answer is always "No", unless there is a weakness in the implementation.
