122 matches found
CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
PYSEC-2019-177
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
SUSE-SU-2019:3024-1 Security update for python-ecdsa
This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding bsc1153165. - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding bsc1154217...
USN-4196-1: python-ecdsa vulnerabilities
It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. CVE-2019-14853 It was discovered that python-ecdsa incorrectly verified DER encodi...
USN-4196-1 python-ecdsa vulnerabilities
It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. CVE-2019-14853 It was discovered that python-ecdsa incorrectly verified DER encodi...
Security update for python-ecdsa (moderate)
openSUSE Security Update: Security update for python-ecdsa Announcement ID: openSUSE-SU-2019:2474-1 Rating: moderate References: 1153165 1154217 Cross-References: CVE-2019-14853 CVE-2019-14859 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
Security update for python-ecdsa (moderate)
openSUSE Security Update: Security update for python-ecdsa Announcement ID: openSUSE-SU-2019:2472-1 Rating: moderate References: 1153165 1154217 Cross-References: CVE-2019-14853 CVE-2019-14859 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now...
Denial Of Service (DoS)
python-ecdsa is vulnerable to denial of service. The DER encoding is not verified in signatures, allowing an attacker to crash the application using a malicious DER signature...
CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
UBUNTU-CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
CVE-2019-14859
A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false...
security/py-ecdsa -- multiple issues
py-ecdsa developers report: Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding. Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding...
Denial Of Service (DoS)
libtasn1.so is vulnerable to denial of service DoS. The attack exists because it allows a two-byte stack overflow while decoding DER encoded data in asn1derdecoding, leading to the DoS attack and possibly other attacks...
Debian: Security Advisory (DLA-1560-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
Important: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
GNU Libtasn1: Multiple vulnerabilities
Background A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Description Multiple vulnerabilities have been discovered in...
Moderate: Red Hat Security Advisory: libtasn1 security, bug fix, and enhancement update
An update for libtasn1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...