33 matches found
Improper Verification of Cryptographic Signature in fastecdsa
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
GHSA-56WV-2WR9-3H9R Improper Verification of Cryptographic Signature in fastecdsa
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
Improper Signature Verification
fastecdsa does not properly perform signature verification. When Elliptic Curve Digital Signature Algorithm ECDSA signature is used with NIST P-256 SHA-256, it does not properly handled the point at infinity, leading to a failure in the signature verification if an extreme value in k and s^-1 is...
fastecdsa data forgery issue vulnerability
fastecdsa is a Python library for fast elliptic curve encryption by AntonKueltz Software Developers. A security vulnerability exists in fastecdsa versions prior to 2.1.2. An attacker can exploit the vulnerability to benefit by successfully guessing the user whose signature verification will fail...
CVE-2020-12607
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
CVE-2020-12607
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
Code injection
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)
fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:PYSEC-2020-42...
PYSEC-2020-42
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
PYSEC-2020-42
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
CVE-2020-12607
CVE-2020-12607 affects the fastecdsa library prior to 2.1.2, where using the NIST P-256 curve in the ECDSA implementation mishandles the point at infinity during signature verification. This can cause verification to fail for an otherwise valid signature when extreme values occur for k and s^-1, ...
CVE-2020-12607
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
PT-2020-13166 · Fastecdsa · Fastecdsa
Name of the Vulnerable Software and Affected Versions: fastecdsa versions prior to 2.1.2 Description: An issue was discovered in the ECDSA implementation when using the NIST P-256 curve. The point at infinity is mishandled, which means that for extreme values in k and s^-1, the signature...