MidnightBSD

Advisories for python-ecdsa_project

CVE-2019-14853 MEDIUM

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  3.9             3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-391, CWE-755

Products Affected

Vendor                Product       Version
python-ecdsa_project  python-ecdsa  *

CVE-2019-14859 MEDIUM

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  9.1    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N  3.9             5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347

Products Affected

Vendor                Product         Version
redhat                ceph_storage    3.0
python-ecdsa_project  python-ecdsa    *
redhat                openstack       10
redhat                openstack       13
redhat                openstack       15
redhat                ceph_storage    2.0
redhat                openstack       14
redhat                virtualization  4.0