4 matches found
starkbank (>=0.0.1 <=0.0.6) potentially affected by CVE-2021-43571 via starkbank-ecdsa (>=0.0.1 <=0.0.2)
starkbank-ecdsa NPM version =0.0.1, =0.0.1, =0.0.6 Source cves: CVE-2021-43571 Source advisory: OSV:GHSA-Q9Q6-F556-GPM7...
CVE-2021-43571
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43571
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43571
The CVE-2021-43571 entry concerns Stark Bank’s Node.js ECDSA library (ecdsa-node) 1.1.2. The vulnerability stems from the verify function not checking that the signature is non-zero, which enables forging signatures on arbitrary messages. Reported impact indicates potential for signature forgery ...