Lucene search
K

960 matches found

UbuntuCve
UbuntuCve
added 2026/03/27 11:17 p.m.5 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 10:8 p.m.10 views

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 10:8 p.m.72 views

CVE-2026-33936

CVE-2026-33936 affects the Python package python-ecdsa (pre-0.19.2). A flaw in the low-level DER parsing (remove_octet_string) can cause generated truncated DER inputs to be accepted, allowing SigningKey.from_der() to raise an internal IndexError instead of rejecting malformed data, potentially c...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/27 10:8 p.m.6 views

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.2AI score0.00476EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 3:56 p.m.3 views

Improper Handling of Length Parameter Inconsistency

Overview ecdsa is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency due to improper...

6.9CVSS5.9AI score0.00476EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/27 3:56 p.m.14 views

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

Summary An issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. 1. ecdsa.der.removeoctetstring accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 40...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28568

Name of the Vulnerable Software and Affected Versions ecdsa versions prior to 0.19.2 Description The ecdsa package, a Python implementation of ECC, contains a flaw in its DER parsing functions. Specifically, ecdsa.der.remove octet string incorrectly accepts truncated DER data where the declared...

5.3CVSS6AI score0.00476EPSS
Exploits2References116
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

Pure-Python ECDSA and ECDH 安全漏洞

Pure-Python ECDSA and ECDH is a pure Python implementation of elliptic curve cryptography library open-sourced by tlsfuzzer. Versions of Pure-Python ECDSA and ECDH prior to 0.19.2 have security vulnerabilities. These vulnerabilities stem from low-level DER parsing functions, which may cause...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2026/03/17 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2026-1578)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.8AI score0.00526EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2026-1310)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the...

7.5CVSS5.9AI score0.00626EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1394)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

7.5CVSS5.9AI score0.00626EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2026-1169)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of...

8.2CVSS5.8AI score0.01245EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2026-1118)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of...

8.2CVSS5.8AI score0.01245EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.202 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
SUSE Linux
SUSE Linux
added 2026/01/28 8:38 a.m.9 views

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.12 released 2026-01-15 jscSLE-18320, bsc1236217: Security fixes: CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. CVE-2025-58183: archive/tar: unbounded allocation when parsin...

8.8CVSS6.2AI score0.01945EPSS
Exploits4References84
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in gnutls28

A flaw was discovered in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a speciall...

5.3CVSS6.7AI score0.01245EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: gnutls (UTSA-2026-004960)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004960 advisory. A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate...

5.3CVSS5.9AI score0.01245EPSS
Exploits0References4
Rows per page
Query Builder