Lucene search
Veracode Vulnerability DatabaseVERACODE:25563HistoryJun 03, 2020 - 2:49 a.m.
Improper Signature Verification
2020-06-0302:49:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
64.3%
fastecdsa does not properly perform signature verification. When Elliptic Curve Digital Signature Algorithm (ECDSA) signature is used with NIST P-256 (SHA-256), it does not properly handled the point at infinity, leading to a failure in the signature verification if an extreme value in k and s^-1 is provided even with a correct signature value.
References
github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c
github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c
github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de
github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1
github.com/AntonKueltz/fastecdsa/issues/52
Related
osv
osv
CVE-2020-12607
2020-06-02 21:15:10
PYSEC-2020-42
2020-06-02 21:15:00
Improper Verification of Cryptographic Signature in fastecdsa
2021-10-12 16:30:37
nvd
nvd
CVE-2020-12607
2020-06-02 21:15:10
github
github
Improper Verification of Cryptographic Signature in fastecdsa
2021-10-12 16:30:37
prion
prion
Code injection
2020-06-02 21:15:00
cve
cve
CVE-2020-12607
2020-06-02 21:15:10
cvelist
cvelist
CVE-2020-12607
2020-06-02 21:00:52