Lucene search
Veracode Vulnerability DatabaseVERACODE:32912HistoryNov 11, 2021 - 7:38 a.m.
Signature Forgery
2021-11-1107:38:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
71.3%
starkbank_ecdsa is vulnerable to signature forgery. Remote attackers are able to forge signatures on arbitrary messages due to insufficient verifications in verify function in ecdsa.py.
| CPE | Name | Operator | Version |
|---|---|---|---|
| starkbank-ecdsa | le | 2.0.1 | |
| starkbank-ecdsa | le | 2.0.1 |
References
github.com/starkbank/ecdsa-python/commit/bc59e5d01931e5e4b7865f0ad57bab2a59a6a589
github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f
github.com/starkbank/ecdsa-python/pull/29
github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
Related
osv
osv
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:41:39
CVE-2021-43572
2021-11-09 22:15:07
PYSEC-2021-426
2021-11-09 22:15:00
github
github
Improper Verification of Cryptographic Signature in starkbank-ecdsa
2021-11-10 20:41:39
cnvd
cnvd
Stark Bank Data Forgery Issue Vulnerability (CNVD-2021-95644)
2021-11-11 00:00:00
prion
prion
Design/Logic Flaw
2021-11-09 22:15:00
cve
cve
CVE-2021-43572
2021-11-09 22:15:07
nvd
nvd
CVE-2021-43572
2021-11-09 22:15:07
cvelist
cvelist
CVE-2021-43572
2021-11-09 21:05:20