4 matches found
com.starkbank.sdk:sdk-java (>=0.2.3 <=0.3.0), com.starkbank:sdk (>=0.3.0 <=2.8.0) potentially affected by CVE-2021-43570 via com.starkbank.ellipticcurve:starkbank-ecdsa (=1.0.0)
com.starkbank.ellipticcurve:starkbank-ecdsa MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.starkbank.ellipticcurve:starkbank-ecdsa and may be impacted: - com.starkbank.sdk:sdk-java =0.2.3, =0.3.0, =2.8.0 Source cves:...
CVE-2021-43570
creationtimestamp| type| source ---|---|--- 2021-11-10 00:35:23+00:00| seen| https://t.me/cibsecurity/32122...
CVE-2021-43570
The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43570
The CVE-2021-43570 issue affects Stark Bank’s Java ECDSA library (ecdsa-java) 1.0.0. The verify() function fails to enforce a non‑zero signature, enabling forgery of signatures on arbitrary messages. This vulnerability has a high/critical impact (CVSS 3.1: 9.8) with network attack exposure and re...