3 matches found
bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)
fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:GHSA-56WV-2WR9-3H9R...
bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)
fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:PYSEC-2020-42...
CVE-2020-12607
CVE-2020-12607 affects the fastecdsa library prior to 2.1.2, where using the NIST P-256 curve in the ECDSA implementation mishandles the point at infinity during signature verification. This can cause verification to fail for an otherwise valid signature when extreme values occur for k and s^-1, ...