January 7, 2026

Elliptic? More like Eek‑liptic

We found cryptography bugs in the elliptic library using Wycheproof

Crypto-signing flaw hits 10M‑download JS library; commenters ask why the fix is late

TLDR: Trail of Bits says a hugely popular JavaScript crypto library has two signature bugs, and one still isn’t fixed after the 90‑day window. Commenters are torn between pushing public pressure and questioning timing, while worrying how one small dependency can shake trust across thousands of apps.

The internet’s crypto-nerve twitched today as Trail of Bits revealed two serious bugs in “elliptic,” a JavaScript library with 10M weekly downloads and used by ~3,000 projects. One bug can let attackers forge a signature under certain conditions; another can wrongly reject legit signatures if the hash starts with zeros. The kicker? One fix is still not shipped despite a 90‑day disclosure window that ended in October 2024.

Commenters came in hot. binkHN’s blunt “FYI” read like an alarm bell, while tuananh crystallized the mood: why disclose now if it wasn’t fixed then—should it have gone public right after 90 days? Cue a classic split: one camp wants sunlight and urgency; the other worries about stampeding users without a patch. Underneath it all: anxiety about supply‑chain trust when a tiny library powers so much.

Wycheproof, Google’s test suite for catching crypto mistakes, is the unlikely hero—an intern used it to uncover five issues (three minor, two severe) and even wrote proofs‑of‑concept. And yes, the peanut gallery brought gallows humor—think “eek‑liptic” puns and nervous “just don’t sign anything” jokes—masking real unease: if signature checks can be bent or borked, what else is creaking?

Key Points

  • Trail of Bits disclosed five vulnerabilities in the elliptic JavaScript cryptography library, including two severe issues.
  • CVE-2024-48949: EdDSA signature malleability arises from a missing check that s is in the range 0 ≤ s < n per NIST FIPS 186-5.
  • CVE-2024-48948: ECDSA verification can fail for valid signatures when the hash has leading zeros (e.g., SHA-256 outputs with four leading zero bytes).
  • Three minor parsing issues were publicly disclosed via a pull request, with CVE IDs requested; the two severe issues were privately disclosed via GitHub advisories.
  • One vulnerability remains unfixed after a 90-day disclosure window that ended in October 2024.
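To make the CVE-2024-48949 key point concrete, here is an added example (not code from elliptic or from Trail of Bits) of the range check 0 ≤ s < n applied to a 64-byte Ed25519 signature laid out as R || s. The helper names, the placeholder R, the sample scalar and the toy group are assumptions made for illustration; n is the Ed25519 group order.

```javascript
// Added example: canonical-scalar check for a 64-byte Ed25519 signature (R || s).
// N is the Ed25519 group order (RFC 8032 calls it L).
const N = (1n << 252n) + 27742317777372353535851937790883648493n;

function leToBigInt(bytes) {
  let x = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) x = (x << 8n) | BigInt(bytes[i]);
  return x;
}

function bigIntToLe(x, len) {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) { out[i] = Number(x & 0xffn); x >>= 8n; }
  return out;
}

// The check the key point describes: reject unless 0 <= s < n.
function checkScalarRange(sig) {
  if (!(sig instanceof Uint8Array) || sig.length !== 64) {
    return { ok: false, reason: 'bad-length' };
  }
  const s = leToBigInt(sig.subarray(32, 64));
  return s < N ? { ok: true, reason: 'canonical' }
               : { ok: false, reason: 's-out-of-range' };
}

// Toy group (assumption, illustration only): 2 has order 11 modulo 23, so
// exponents s and s + 11 give the same element, just as [s]B = [s + n]B.
function modPow(base, exp, mod) {
  let r = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod) {
    if (exp & 1n) r = (r * base) % mod;
  }
  return r;
}
const toyCollision = modPow(2n, 7n, 23n) === modPow(2n, 7n + 11n, 23n);

// Constructed sample: placeholder R, an arbitrary in-range s, and the second
// encoding s + n, which still fits in 32 bytes because n < 2^253.
function concat(a, b) { const o = new Uint8Array(64); o.set(a); o.set(b, 32); return o; }
const R = new Uint8Array(32).fill(0x01);
const s = 0x0123456789abcdef0123456789abcdefn;
const sigCanonical = concat(R, bigIntToLe(s, 32));
const sigNonCanonical = concat(R, bigIntToLe(s + N, 32));

console.log(checkScalarRange(sigCanonical), checkScalarRange(sigNonCanonical), toyCollision);
```

Both byte strings decode to the same scalar modulo n, which is why a verifier that skips the range check treats them as the same signature; the check rejects the second encoding before any curve arithmetic runs.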

Hottest takes

"FYI: two vulnerabilities in elliptic" — binkHN
"curious why now. should they public it last year after 90-day disclosure window ended?" — tuananh