Описание
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.4 High
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
A flaw was found in all python-ecdsa versions before 0.13.3, where it ...
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Уязвимость криптографической библиотеки Python ECDSA, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
7.4 High
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2