33 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-0078

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.01268 EPSS
Exploits 1 · References 8

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-0060

Malicious code in bioql PyPI...

7.5 CVSS · 7.4 AI score · 0.01025 EPSS
Exploits 1 · References 5

Veracode
added 2024/02/26 5:56 a.m. · 14 views

Heap Corruption

fastecdsa is vulnerable to Denial of Service (DoS). The vulnerability is due to the curvemath_mul function within curveMath.c being used and interpreted as a user-defined type without proper initialization, leading to potential arbitrary free, realloc, null pointer dereference, and other issues, as...

7.5 CVSS · 6.9 AI score · 0.01025 EPSS
Exploits 1 · References 3 · Affected Software 1

vulnersOsv
added 2024/02/24 6:30 a.m. · 3 views

bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:GHSA-PH86-G9R3-5QW4...

7.5 CVSS · 7.1 AI score · 0.01025 EPSS
Exploits 1

Github Security Blog
added 2024/02/24 6:30 a.m. · 7 views

Uninitialized Variable in fastecdsa

Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...

7.5 CVSS · 6.8 AI score · 0.01025 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2024/02/24 6:30 a.m. · 3 views

GHSA-PH86-G9R3-5QW4 Uninitialized Variable in fastecdsa

Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...

7.5 CVSS · 7.5 AI score · 0.01025 EPSS
Exploits 1 · References 6

NVD
added 2024/02/24 5:15 a.m. · 15 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 7.6 AI score · 0.01025 EPSS
Exploits 1 · References 4

OSV
added 2024/02/24 5:15 a.m. · 10 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 7.6 AI score
Exploits 0 · References 4

Prion
added 2024/02/24 5:15 a.m. · 24 views

Null pointer dereference

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

5 CVSS · 7.2 AI score · 0.01025 EPSS
Exploits 1 · References 4

PyPA
added 2024/02/24 5:15 a.m. · 3 views

PYSEC-2024-39

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 7 AI score · 0.01025 EPSS
Exploits 1 · References 5 · Affected Software 1

vulnersOsv
added 2024/02/24 5:15 a.m. · 5 views

bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:PYSEC-2024-39...

7.5 CVSS · 7.1 AI score · 0.01025 EPSS
Exploits 1

OSV
added 2024/02/24 5:15 a.m. · 32 views

PYSEC-2024-39

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 7.2 AI score · 0.01025 EPSS
Exploits 1 · References 5

Vulnrichment
added 2024/02/24 5:00 a.m. · 9 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 6.9 AI score · 0.01025 EPSS
Exploits 1 · References 4

CVE
added 2024/02/24 5:00 a.m. · 128 views

CVE-2024-21502

CVE-2024-21502 affects the fastecdsa library prior to 2.3.2. The root cause is a Use of Uninitialized Variable on the stack in the curvemath_mul function (src/curveMath.c), where a value is interpreted as a user-defined type. Depending on the value, an attacker-controlled stack can cause arbitrar...

7.5 CVSS · 7.5 AI score · 0.01025 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2024/02/24 5:00 a.m. · 16 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5 CVSS · 7.7 AI score · 0.01025 EPSS
Exploits 1 · References 4

CNNVD
added 2024/02/24 12:00 a.m. · 2 views

fastecdsa Security Vulnerabilities

fastecdsa is a Python library for fast elliptic curve encryption by the individual developer Antonkueltz. A security vulnerability exists in fastecdsa versions prior to 2.3.2 that stems from the easy use of uninitialized variables on the stack, which can be exploited by an attacker to cause a...

7.5 CVSS · 6.6 AI score · 0.01025 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/02/23 12:00 a.m. · 3 views

PT-2024-18918 · Fastecdsa · Fastecdsa

Name of the Vulnerable Software and Affected Versions: fastecdsa versions prior to 2.3.2 Description: The issue is related to the use of an uninitialized variable on the stack, specifically via the curvemath_mul function in src/curveMath.c. This variable is used and interpreted as a user-defined...

7.5 CVSS · 7.3 AI score · 0.01025 EPSS
Exploits 1 · References 12

vulnersOsv
added 2024/02/20 2:13 p.m. · 3 views

bitcoinlib (>=0.5.1 <=0.6.3), empiric-network (>=0.7.3 <=1.3.1) +6 more potentially affected by CVE-2024-21502 via fastecdsa (>=2.0.0 <=2.3.0)

fastecdsa PYPI version =2.0.0, =0.5.1, =0.7.3, =3.3.0, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: SNYK:PYTHON-FASTECDSA-6262045...

7.5 CVSS · 7.1 AI score · 0.01025 EPSS
Exploits 1

Snyk
added 2024/02/20 2:13 p.m. · 4 views

Use of Uninitialized Variable

Overview: fastecdsa is a Python package for doing fast elliptic curve cryptography, specifically digital signatures. Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted a...

7.5 CVSS · 7 AI score · 0.01025 EPSS
Exploits 1 · References 2

Github Security Blog
added 2021/10/12 4:30 p.m. · 30 views

Improper Verification of Cryptographic Signature in fastecdsa

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5 CVSS · 7.2 AI score · 0.01268 EPSS
Exploits 1 · References 7 · Affected Software 1