ghsa-7mc2-6phr-23xc
Vulnerability from github
Published
2025-06-30 17:43
Modified
2025-07-01 13:13
Severity ?
8.1 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Summary
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
Details

Summary

Private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is buffer package

Details

This affects only environments where require('buffer') is https://npmjs.com/buffer E.g.: browser bundles, React Native apps, etc.

Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one)

v2.x is unaffected as it verifies input to be an actual Uint8Array instance

Such a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction

While signing unverified attacker-controlled messages would be problematic itself (and exploitation of this needs such a scenario), signing a single message still should not leak the private key

Also, message validation could have the same bug (out of scope for this report, but could be possible in some situations), which makes this attack more likely when used in a chain

https://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this

PoC

This code deliberately doesn't provide funnyBuffer and extractTiny for now, could be updated later

```js import secp256k1 from 'tiny-secp256k1' import crypto from 'crypto'

const key = crypto.randomBytes(32)

const msg0 = crypto.randomBytes(32) const sig0 = secp256k1.sign(msg0, key).toString('hex')

const msg1 = funnyBuffer(msg0) const sig1 = secp256k1.sign(msg1, key).toString('hex')

const restored = extractTiny(msg0, sig0, sig1) console.log('Guesses:', JSON.stringify(restored, undefined, 2)) const recheck = (k) => secp256k1.sign(msg0, Buffer.from(k, 'hex')).toString('hex') === sig0 console.log('Rechecked:', JSON.stringify(restored.filter(recheck)))

console.log('Actual key', key.toString('hex')) ```

Output: console Guesses: [ "8f351953047e6b149e0595547e7d10a8a1edc61bd519b5b2514202a495e434ed", "ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd" ] Rechecked: ["ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd"] Actual key ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd

Impact

Full private key extraction when signing a single malicious message (that passes JSON.stringify/JSON.parse and can come from network)

Show details on source website

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "tiny-secp256k1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-49364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:43:39Z",
    "nvd_published_at": "2025-07-01T03:15:21Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nPrivate key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is [`buffer` package](https://www.npmjs.com/package/buffer)\n\n### Details\n\nThis affects only environments where `require(\u0027buffer\u0027)` is \u003chttps://npmjs.com/buffer\u003e\nE.g.: browser bundles, React Native apps, etc.\n\n`Buffer.isBuffer` check can be bypassed, resulting in `k` reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one)\n\nv2.x is unaffected as it verifies input to be an actual `Uint8Array` instance\n\nSuch a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction\n\nWhile signing unverified attacker-controlled messages would be problematic itself (and exploitation of this needs such a scenario), signing a single message still should not leak the private key\n\nAlso, message validation could have the same bug (out of scope for this report, but could be possible in some situations), which makes this attack more likely when used in a chain\n\nhttps://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this\n\n### PoC\n\nThis code deliberately doesn\u0027t provide `funnyBuffer` and `extractTiny` for now, could be updated later\n\n```js\nimport secp256k1 from \u0027tiny-secp256k1\u0027\nimport crypto from \u0027crypto\u0027\n\nconst key = crypto.randomBytes(32)\n\nconst msg0 = crypto.randomBytes(32)\nconst sig0 = secp256k1.sign(msg0, key).toString(\u0027hex\u0027)\n\nconst msg1 = funnyBuffer(msg0)\nconst sig1 = secp256k1.sign(msg1, key).toString(\u0027hex\u0027)\n\nconst restored = extractTiny(msg0, sig0, sig1)\nconsole.log(\u0027Guesses:\u0027, JSON.stringify(restored, undefined, 2))\nconst recheck = (k) =\u003e secp256k1.sign(msg0, Buffer.from(k, \u0027hex\u0027)).toString(\u0027hex\u0027) === sig0\nconsole.log(\u0027Rechecked:\u0027, JSON.stringify(restored.filter(recheck)))\n\nconsole.log(\u0027Actual key\u0027, key.toString(\u0027hex\u0027))\n```\n\nOutput:\n```console\nGuesses: [\n  \"8f351953047e6b149e0595547e7d10a8a1edc61bd519b5b2514202a495e434ed\",\n  \"ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\"\n]\nRechecked: [\"ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\"]\nActual key ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\n```\n\n### Impact\n\nFull private key extraction when signing a single malicious message (that passes `JSON.stringify`/`JSON.parse` and can come from network)",
  "id": "GHSA-7mc2-6phr-23xc",
  "modified": "2025-07-01T13:13:29Z",
  "published": "2025-06-30T17:43:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.