2042 matches found
CVE-2026-35387
OpenSSH before 10.3 is affected by CVE-2026-35387: when listing any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms, the client/server may misinterpret this as enabling all ECDSA algorithms. The result is the unintended use of ECDSA keys, with confidentiality impact lis...
CVE-2026-35387
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...
PT-2026-29834
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 incorrectly handle ECDSA algorithms. Specifically, the software misinterprets the listing of any ECDSA algorithm in the PubkeyAcceptedAlgorithms or...
OpenSSH 安全漏洞
OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...
python-ecdsa Denial of Service
python-ecdsa suffers from a denial of service vulnerability...
python311-ecdsa-0.19.2-1.1 on GA media (moderate)
python311-ecdsa-0.19.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10468-1 Rating: moderate Cross-References: CVE-2026-33936 CVSS scores: CVE-2026-33936 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-33936 SUSE : 6.3...
Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration
The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...
OPENSUSE-SU-2026:10468-1 python311-ecdsa-0.19.2-1.1 on GA media
These are all security issues fixed in the python311-ecdsa-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-33936
A flaw was found in the ecdsa Python package, which is used for cryptographic operations. A remote attacker can exploit this vulnerability by sending a specially crafted data input, known as Distinguished Encoding Rules DER. This malformed input can cause applications that process untrusted...
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
...
Linux Distros Unpatched Vulnerability : CVE-2026-33936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdD...
DEBIAN-CVE-2026-33936
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
CVE-2026-33936
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
CVE-2026-33936
CVE-2026-33936 affects the Python package python-ecdsa (pre-0.19.2). A flaw in the low-level DER parsing (remove_octet_string) can cause generated truncated DER inputs to be accepted, allowing SigningKey.from_der() to raise an internal IndexError instead of rejecting malformed data, potentially c...
CVE-2026-33936
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
CVE-2026-33936
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...
GHSA-9F5J-8JWJ-X28G python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Summary An issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. 1. ecdsa.der.removeoctetstring accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 40...
acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +368 more potentially affected by CVE-2026-33936 via ecdsa (>=0.13.0 <=0.19.1)
ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2026-33936 Source advisory: SNYK:PYTHON-ECDSA-15792390...