Описание
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior may be vulnerable to the Minerva attack.
Отчет
Some of the offerings such as Quay do not rely on python-ecdsa, therefore the impact is minimal or non-existing for these products.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | python-ecdsa | Not affected | ||
| Red Hat Satellite 6 | python-ecdsa | Affected | ||
| Red Hat Satellite 6 | satellite:el8/python-ecdsa | Affected | ||
| Red Hat Satellite 6.15 for RHEL 8 | python-pulp-container | Fixed | RHSA-2024:10806 | 04.12.2024 |
| Red Hat Satellite 6.15 for RHEL 8 | python-pulp-container | Fixed | RHSA-2024:10806 | 04.12.2024 |
| RHUI 4 for RHEL 8 | python-ecdsa | Fixed | RHSA-2024:1878 | 18.04.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
The `ecdsa` PyPI package is a pure Python implementation of ECC (Ellip ...
EPSS
7.4 High
CVSS3