exploitDog

CVE-2019-14853

Published: 26 Sep 2019
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

Report

Although Red Hat OpenStack Platform ships the flawed code, RHOSP does not actually use python-ecdsa's functionality. As such, Red Hat OpenStack Platform will not be providing a fix for python-ecdsa at this time. Current releases of Red Hat Virtualization Manager no longer include python-ecdsa as a dependency. While it remains available in repositories as a legacy dependency, it is not installed by default and its use is not recommended.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | python-ecdsa | Not affected | | |
| Red Hat Ceph Storage 2 | python-ecdsa | Affected | | |
| Red Hat OpenStack Platform 10 (Newton) | python-ecdsa | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | python-ecdsa | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | python-ecdsa | Will not fix | | |
| Red Hat OpenStack Platform 15 (Stein) | python-ecdsa | Will not fix | | |
| Red Hat Storage 3 | python-ecdsa | Affected | | |
| Red Hat Virtualization 4 | python-ecdsa | Will not fix | | |
| Red Hat Satellite 6.10 for RHEL 7 | python-ecdsa | Fixed | RHSA-2021:4702 | 16.11.2021 |

Additional information

Status: Low
Defect: CWE-391
https://bugzilla.redhat.com/show_bug.cgi?id=1758704 python-ecdsa: Unexpected and undocumented exceptions during signature decoding

EPSS: 0.00068 (Low), percentile: 21%

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 6 years ago

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS3: 7.5
nvd
about 6 years ago

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS3: 7.5
debian
about 6 years ago

An error-handling flaw was found in python-ecdsa before version 0.13.3 ...

CVSS3: 7.5
github
more than 6 years ago

ecdsa Denial of Service vulnerability in signature verification and signature malleability

CVSS3: 7.5
fstec
more than 6 years ago

Vulnerability in the Python ECDSA cryptographic library, related to insufficient handling of exceptional conditions, allowing an attacker to cause a denial of service
