2 matches found
CVE-2024-23342
The CVE-2024-23342 entry concerns the python-ecdsa package (pure-Python ECC implementation) with support for ECDSA/EdDSA/ECDH. Versions 0.18.0 and earlier are vulnerable to the Minerva attack. The available connected documents confirm that the vulnerability is tied to this package and note the ab...
CVE-2026-33936
CVE-2026-33936 affects the Python package python-ecdsa (pre-0.19.2). A flaw in the low-level DER parsing (remove_octet_string) can cause generated truncated DER inputs to be accepted, allowing SigningKey.from_der() to raise an internal IndexError instead of rejecting malformed data, potentially c...