GHSA-7MC2-6PHR-23XC

Vulnerability from github – Published: 2025-06-30 17:43 – Updated: 2025-07-01 13:13
VLAI?
Summary
tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
Details

Summary

Private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is buffer package

Details

This affects only environments where require('buffer') is https://npmjs.com/buffer E.g.: browser bundles, React Native apps, etc.

Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one)

v2.x is unaffected as it verifies input to be an actual Uint8Array instance

Such a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction

While signing unverified attacker-controlled messages would be problematic itself (and exploitation of this needs such a scenario), signing a single message still should not leak the private key

Also, message validation could have the same bug (out of scope for this report, but could be possible in some situations), which makes this attack more likely when used in a chain

https://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this

PoC

This code deliberately doesn't provide funnyBuffer and extractTiny for now, could be updated later

import secp256k1 from 'tiny-secp256k1'
import crypto from 'crypto'

const key = crypto.randomBytes(32)

const msg0 = crypto.randomBytes(32)
const sig0 = secp256k1.sign(msg0, key).toString('hex')

const msg1 = funnyBuffer(msg0)
const sig1 = secp256k1.sign(msg1, key).toString('hex')

const restored = extractTiny(msg0, sig0, sig1)
console.log('Guesses:', JSON.stringify(restored, undefined, 2))
const recheck = (k) => secp256k1.sign(msg0, Buffer.from(k, 'hex')).toString('hex') === sig0
console.log('Rechecked:', JSON.stringify(restored.filter(recheck)))

console.log('Actual key', key.toString('hex'))

Output:

Guesses: [
  "8f351953047e6b149e0595547e7d10a8a1edc61bd519b5b2514202a495e434ed",
  "ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd"
]
Rechecked: ["ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd"]
Actual key ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd

Impact

Full private key extraction when signing a single malicious message (that passes JSON.stringify/JSON.parse and can come from network)

Severity ?
8.1 (High)
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "tiny-secp256k1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-49364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:43:39Z",
    "nvd_published_at": "2025-07-01T03:15:21Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nPrivate key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is [`buffer` package](https://www.npmjs.com/package/buffer)\n\n### Details\n\nThis affects only environments where `require(\u0027buffer\u0027)` is \u003chttps://npmjs.com/buffer\u003e\nE.g.: browser bundles, React Native apps, etc.\n\n`Buffer.isBuffer` check can be bypassed, resulting in `k` reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one)\n\nv2.x is unaffected as it verifies input to be an actual `Uint8Array` instance\n\nSuch a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction\n\nWhile signing unverified attacker-controlled messages would be problematic itself (and exploitation of this needs such a scenario), signing a single message still should not leak the private key\n\nAlso, message validation could have the same bug (out of scope for this report, but could be possible in some situations), which makes this attack more likely when used in a chain\n\nhttps://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this\n\n### PoC\n\nThis code deliberately doesn\u0027t provide `funnyBuffer` and `extractTiny` for now, could be updated later\n\n```js\nimport secp256k1 from \u0027tiny-secp256k1\u0027\nimport crypto from \u0027crypto\u0027\n\nconst key = crypto.randomBytes(32)\n\nconst msg0 = crypto.randomBytes(32)\nconst sig0 = secp256k1.sign(msg0, key).toString(\u0027hex\u0027)\n\nconst msg1 = funnyBuffer(msg0)\nconst sig1 = secp256k1.sign(msg1, key).toString(\u0027hex\u0027)\n\nconst restored = extractTiny(msg0, sig0, sig1)\nconsole.log(\u0027Guesses:\u0027, JSON.stringify(restored, undefined, 2))\nconst recheck = (k) =\u003e secp256k1.sign(msg0, Buffer.from(k, \u0027hex\u0027)).toString(\u0027hex\u0027) === sig0\nconsole.log(\u0027Rechecked:\u0027, JSON.stringify(restored.filter(recheck)))\n\nconsole.log(\u0027Actual key\u0027, key.toString(\u0027hex\u0027))\n```\n\nOutput:\n```console\nGuesses: [\n  \"8f351953047e6b149e0595547e7d10a8a1edc61bd519b5b2514202a495e434ed\",\n  \"ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\"\n]\nRechecked: [\"ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\"]\nActual key ebc81e1632a1b3255589ba84364949a0a6fd0229444519765570706d394671dd\n```\n\n### Impact\n\nFull private key extraction when signing a single malicious message (that passes `JSON.stringify`/`JSON.parse` and can come from network)",
  "id": "GHSA-7mc2-6phr-23xc",
  "modified": "2025-07-01T13:13:29Z",
  "published": "2025-06-30T17:43:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.