Lucene search
+L

33 matches found

Github Security Blog
Github Security Blog
added 2021/10/12 4:30 p.m.33 views

Improper Verification of Cryptographic Signature in fastecdsa

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS7.2AI score0.01268EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/10/12 4:30 p.m.20 views

GHSA-56WV-2WR9-3H9R Improper Verification of Cryptographic Signature in fastecdsa

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

8.7CVSS7.4AI score0.01268EPSS
Exploits1References8
Veracode
Veracode
added 2020/06/03 2:49 a.m.15 views

Improper Signature Verification

fastecdsa does not properly perform signature verification. When Elliptic Curve Digital Signature Algorithm ECDSA signature is used with NIST P-256 SHA-256, it does not properly handled the point at infinity, leading to a failure in the signature verification if an extreme value in k and s^-1 is...

7.5CVSS1.3AI score0.01268EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2020/06/03 12:0 a.m.6 views

fastecdsa data forgery issue vulnerability

fastecdsa is a Python library for fast elliptic curve encryption by AntonKueltz Software Developers. A security vulnerability exists in fastecdsa versions prior to 2.1.2. An attacker can exploit the vulnerability to benefit by successfully guessing the user whose signature verification will fail...

7.5CVSS7.4AI score0.01268EPSS
Exploits1References1
NVD
NVD
added 2020/06/02 9:15 p.m.24 views

CVE-2020-12607

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS7.4AI score0.01268EPSS
Exploits1References4
OSV
OSV
added 2020/06/02 9:15 p.m.13 views

CVE-2020-12607

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2020/06/02 9:15 p.m.17 views

Code injection

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

5CVSS7.5AI score0.01268EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2020/06/02 9:15 p.m.5 views

bakers-registry (>=0.1.1 <=0.1.7), django-scatter-auth (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2020-12607 via fastecdsa (>=1.6.4 <=2.0.0)

fastecdsa PYPI version =1.6.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =0.1.0a36 - walletlib =0.1.0 Source cves: CVE-2020-12607 Source advisory: OSV:PYSEC-2020-42...

7.5CVSS7.1AI score0.01268EPSS
Exploits1
PyPA
PyPA
added 2020/06/02 9:15 p.m.6 views

PYSEC-2020-42

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS7AI score0.01268EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2020/06/02 9:15 p.m.23 views

PYSEC-2020-42

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS3AI score0.01268EPSS
Exploits1References5
CVE
CVE
added 2020/06/02 9:0 p.m.97 views

CVE-2020-12607

CVE-2020-12607 affects the fastecdsa library prior to 2.1.2, where using the NIST P-256 curve in the ECDSA implementation mishandles the point at infinity during signature verification. This can cause verification to fail for an otherwise valid signature when extreme values occur for k and s^-1, ...

7.5CVSS7.3AI score0.01268EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/06/02 9:0 p.m.23 views

CVE-2020-12607

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.4AI score0.01268EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/06/02 12:0 a.m.5 views

PT-2020-13166 · Fastecdsa · Fastecdsa

Name of the Vulnerable Software and Affected Versions: fastecdsa versions prior to 2.1.2 Description: An issue was discovered in the ECDSA implementation when using the NIST P-256 curve. The point at infinity is mishandled, which means that for extreme values in k and s^-1, the signature...

8.7CVSS7.2AI score0.01268EPSS
Exploits1References13
Rows per page
Query Builder