EUVD-2024-0060

Malicious code in bioql PyPI...

Uninitialized Variable in fastecdsa

Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...

GHSA-PH86-G9R3-5QW4 Uninitialized Variable in fastecdsa

Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...

bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:PYSEC-2024-39...

fastecdsa Security Vulnerabilities

fastecdsa is a Python library for fast elliptic curve encryption by the individual developer Antonkueltz. A security vulnerability exists in fastecdsa versions prior to 2.3.2 that stems from the easy use of uninitialized variables on the stack, which can be exploited by an attacker to cause a...

bitcoinlib (>=0.5.1 <=0.6.3), empiric-network (>=0.7.3 <=1.3.1) +6 more potentially affected by CVE-2024-21502 via fastecdsa (>=2.0.0 <=2.3.0)

fastecdsa PYPI version =2.0.0, =0.5.1, =0.7.3, =3.3.0, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: SNYK:PYTHON-FASTECDSA-6262045...

bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:GHSA-56WV-2WR9-3H9R...

fastecdsa data forgery issue vulnerability

fastecdsa is a Python library for fast elliptic curve encryption by AntonKueltz Software Developers. A security vulnerability exists in fastecdsa versions prior to 2.1.2. An attacker can exploit the vulnerability to benefit by successfully guessing the user whose signature verification will fail...

bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:PYSEC-2020-42...