USN-6239-1: ECDSA Util vulnerability

🗓️ 20 Jul 2023 09:01:16Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 40 Views

Vulnerability in ECDSA Util on Ubuntu 22.04, 20.04, 18.04, and 16.04

Reporter	Title	Published	Views	Family All 35
BDU FSTEC	The vulnerability of the `ecdsa_verify_[prepare_]legacy()` command-line tool for ECDSA elliptic curve cryptography, provided by `ecdsautils`, allows a perpetrator to compromise data integrity.	11 Jul 202200:00	–	bdu_fstec
Circl	CVE-2022-24884	6 May 202207:22	–	circl
CNNVD	ECDSA Util 数据伪造问题漏洞	6 May 202200:00	–	cnnvd
CVE	CVE-2022-24884	5 May 202223:50	–	cve
Cvelist	CVE-2022-24884 Trivial signature forgery in ecdsautils	5 May 202223:50	–	cvelist
Debian	[SECURITY] [DLA 2997-1] ecdsautils security update	7 May 202206:12	–	debian
Debian	[SECURITY] [DSA 5132-1] ecdsautils security update	8 May 202219:11	–	debian
Debian CVE	CVE-2022-24884	5 May 202223:50	–	debiancve
Tenable Nessus	Debian DLA-2997-1 : ecdsautils - LTS security update	7 May 202200:00	–	nessus
Tenable Nessus	Debian DSA-5132-1 : ecdsautils - security update	10 May 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	20.04	any	ecdsautils	0.3.2+git20151018-2+deb10u1build0.20.04.1	ecdsautils_0.3.2+git20151018-2+deb10u1build0.20.04.1_any.deb
Ubuntu	22.04	any	ecdsautils	0.3.2+git20151018-2+deb10u1build0.22.04.1	ecdsautils_0.3.2+git20151018-2+deb10u1build0.22.04.1_any.deb
Ubuntu	16.04	any	ecdsautils	0.3.2+git20151018-2ubuntu0.16.04.1~esm1	ecdsautils_0.3.2+git20151018-2ubuntu0.16.04.1~esm1_any.deb
Ubuntu	18.04	any	ecdsautils	0.3.2+git20151018-2ubuntu0.18.04.1~esm1	ecdsautils_0.3.2+git20151018-2ubuntu0.18.04.1~esm1_any.deb

20 Jul 2023 09:01Current

8High risk

Vulners AI Score8

CVSS 25

CVSS 3.17.5 - 10

EPSS0.00124

SSVC

ecdsa ubuntu signature verification elliptic curve cryptography command line tools