11 matches found
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : ECDSA Util vulnerability (USN-6239-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6239-1 advisory. It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue ...
Fedora: Security Advisory for ecdsautils (FEDORA-2022-111177a5ac)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DSA-5132-1 : ecdsautils - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5132 advisory. It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools verified some cryptographic signatures incorrectly: A signature...
Debian: Security Advisory (DLA-2997-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2997-1] ecdsautils security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2997-1 [email protected] https://www.debian.org/lts/security/ Sven Eckelmann May 07, 2022 https://wiki.debian.org/LTS -...
Debian DLA-2997-1 : ecdsautils - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2997 advisory. In ecdsautils, a collection of ECDSA elliptic curve cryptography command line tools, an improper verification of cryptographic signatures was detected. A signature consisti...
CVE-2022-24884
creationtimestamp| type| source ---|---|--- 2022-05-06 07:22:18+00:00| seen| https://t.me/cibsecurity/42090...
DEBIAN-CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA keygen, sign, verify. ecdsaverifypreparelegacy does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple...
UBUNTU-CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA keygen, sign, verify. ecdsaverifypreparelegacy does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple...
CVE-2022-24884 Trivial signature forgery in ecdsautils
ecdsautils is a tiny collection of programs used for ECDSA keygen, sign, verify. ecdsaverifypreparelegacy does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple...
CVE-2022-24884
CVE-2022-24884 affects ecdsautils, the ECDSA utilities library and CLI. The flaw is in ecdsautils’ signature verification: ecdsa_verify_[prepare_]legacy() does not reject zero-valued r or s, causing signatures comprised entirely of zeros to be deemed valid. Consequently, forged signatures can byp...