From e377d09c23ebf8a3dda0877ec25f8e136bda50f7 Mon Sep 17 00:00:00 2001
From: Patryk Osmaczko
Date: Thu, 6 Feb 2025 09:05:54 +0100
Subject: [PATCH] fix: prevent CVE-2025-24883 in eth-node's crypto package

iterates: #6330
---
 eth-node/crypto/gethcrypto.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/eth-node/crypto/gethcrypto.go b/eth-node/crypto/gethcrypto.go
index 80070f06eb0..7abefd079e6 100644
--- a/eth-node/crypto/gethcrypto.go
+++ b/eth-node/crypto/gethcrypto.go
@@ -147,6 +147,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
 	if x == nil {
 		return nil, errInvalidPubkey
 	}
+	if !S256().IsOnCurve(x, y) {
+		return nil, errInvalidPubkey
+	}
 	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
 }
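Review bot: The new `if !S256().IsOnCurve(x, y)` check still admits non-canonical coordinates if this curve's IsOnCurve reduces its inputs modulo the field prime before comparing, as the go-ethereum secp256k1 BitCurve implementation does — an encoding with x ≥ P or y ≥ P would then be accepted and produce a key that no longer round-trips through Marshal, which matters wherever keys are compared or hashed into addresses. If the curve's Unmarshal does not already bound the coordinates (it is called in the lines of UnmarshalPubkey above the hunk, outside this view), add `if p := S256().Params().P; x.Cmp(p) >= 0 || y.Cmp(p) >= 0 { return nil, errInvalidPubkey }` before the on-curve test. The check also lacks a comment explaining why it exists in a wrapper around the curve's own parser; I would put `// The curve's Unmarshal does not verify that (x, y) lies on secp256k1; reject off-curve points (CVE-2025-24883).` above the new `if`. A regression test feeding a 65-byte `0x04`-prefixed encoding of an off-curve point such as (1, 1) and asserting errInvalidPubkey would pin the fix.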