Lucene search
GoogleOSV:CVE-2021-43571HistoryNov 09, 2021 - 10:15 p.m.
CVE-2021-43571
2021-11-0922:15:07
Google
osv.dev
1
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ecdsa-node | eq | 1.1.2 | |
| ecdsa-node | eq | 1.1.0 | |
| ecdsa-node | eq | 1.0.0 | |
| ecdsa-node | eq | 1.1.1 | |
| ecdsa-node | eq | 0.0.3 |
Related
veracode
veracode
Signature Verification Bypass
2021-11-11 07:27:35
Signature Verification Bypass
2021-11-11 17:42:47
cvelist
cvelist
CVE-2021-43571
2021-11-09 21:05:34
github
github
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:58:42
cve
cve
CVE-2021-43571
2021-11-09 22:15:07
osv
osv
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:58:42
prion
prion
Design/Logic Flaw
2021-11-09 22:15:00
nvd
nvd
CVE-2021-43571
2021-11-09 22:15:07