Описание
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.13-2ubuntu0.18.04.1 |
| devel | not-affected | 0.13.3-1 |
| disco | released | 0.13-3ubuntu0.1 |
| eoan | released | 0.13.2-2ubuntu0.1 |
| esm-apps/bionic | released | 0.13-2ubuntu0.18.04.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 0.13-2ubuntu0.16.04.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
A flaw was found in all python-ecdsa versions before 0.13.3, where it ...
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Уязвимость криптографической библиотеки Python ECDSA, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
6.4 Medium
CVSS2
9.1 Critical
CVSS3