Lucene search
Veracode Vulnerability DatabaseVERACODE:32910HistoryNov 11, 2021 - 7:27 a.m.
Signature Verification Bypass
2021-11-1107:27:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.003 Low
EPSS
Percentile
68.9%
ecdsa-node is vulnerable to signature verification bypass. The vulnerability exists because the ranges of signature r and s in verify function of ecdsa.js are not properly validated. A malicious attacker is able to perform unauthorized operations by gaining access, forging signatures on arbitrary messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @cdottori/ecdsa-node | eq | 0.0.3 | |
| @cdottori/ecdsa-node | eq | 0.0.4 | |
| @cdottori/ecdsa-node | eq | 0.0.3 | |
| @cdottori/ecdsa-node | eq | 0.0.4 |
Related
cvelist
cvelist
CVE-2021-43571
2021-11-09 21:05:34
github
github
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:58:42
cve
cve
CVE-2021-43571
2021-11-09 22:15:07
osv
osv
CVE-2021-43571
2021-11-09 22:15:07
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:58:42
prion
prion
Design/Logic Flaw
2021-11-09 22:15:00
veracode
veracode
Signature Verification Bypass
2021-11-11 17:42:47
nvd
nvd
CVE-2021-43571
2021-11-09 22:15:07