DEBIAN-CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

Improper Handling of Length Parameter Inconsistency

Overview ecdsa is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency due to improper...

EUVD-2021-2359

Malware in sbrugna...

EUVD-2021-0251

Malware in sbrugna...

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43571

The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

Signature malleability in permit function

Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43570

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

Design/Logic Flaw

The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

Design/Logic Flaw

The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

PYSEC-2021-426

The verify function in the Stark Bank Python ECDSA library ecdsa-python 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43568

The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43570

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVE-2021-43569

The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

functions permit and permitAll can be tricked by an invalid signature

Handle pauliax Vulnerability details Impact When the signature is not valid, ecrecover returns empty 0x0 address. There is a potential check against that: require recoveredAddress != address0 && recoveredAddress == owner || isApprovedForAllownerrecoveredAddress, "INVALIDPERMITSIGNATURE" ; However...