starkbank/ecdsa is vulnerable to Signature Malleability
31
Low Risk
The pure-PHP ECDSA implementation in src/ecdsa.php signs messages without normalizing the result to the low-S form, so sign can emit high-S signatures and verify accepts both a signature and its N - s counterpart as valid for the same message and key. A party that observes one valid signature can therefore derive a second, distinct signature that still verifies, producing signature malleability that can break systems relying on signature uniqueness. The same code also omits an on-curve check for the supplied public key during verification and derives signing nonces from a plain random source instead of a hedged RFC 6979 construction. The fix normalizes signatures to low-S, rejects public keys that are not on the curve, adopts hedged RFC 6979 nonces, and corrects hash truncation for digests larger than the curve order.
You are affected if you are using a version that falls within the vulnerable range.
starkbank/ecdsa is vulnerable to Signature Malleability in versions 2.0.0 - 2.1.0.
Upgrade the starkbank/ecdsa library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant