PT-2019-4890 · Python+3 · Python-Ecdsa+3

Tomato42

Publicado

2019-10-07

Atualizado

2024-06-15

CVE-2019-14859

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions python-ecdsa versions prior to 0.13.3

Description A flaw was found in the python-ecdsa library where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. An attacker could use a malleable signature to create false transactions, potentially impacting the confidentiality and integrity of protected information.

Recommendations For versions prior to 0.13.3, update to version 0.13.3 or later to resolve the issue. As a temporary workaround, consider implementing additional signature verification measures to minimize the risk of exploitation. Restrict the use of the python-ecdsa library until a patch is applied.

Exploit

Correção

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-347

Identificadores relacionados

ALT-PU-2020-3226

BDU:2020-01481

CVE-2019-14859

DLA-1978-1

DSA-4588-1

GHSA-8QXJ-F9RH-9FG2

MGASA-2020-0002

OPENSUSE-SU-2019:2472-1

OPENSUSE-SU-2019:2474-1

OPENSUSE-SU-2019_2472-1

OPENSUSE-SU-2019_2474-1

OPENSUSE-SU-2024:11229-1

OPENSUSE-SU-2024:13862-1

PYSEC-2020-163

PYSEC-2020-182

RHSA-2021:4702

SUSE-SU-2019:2891-1

SUSE-SU-2019:2891-2

SUSE-SU-2019:3024-1

SUSE-SU-2019_2891-1

SUSE-SU-2019_2891-2

SUSE-SU-2019_3024-1

USN-4196-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Python-Ecdsa

PT-2019-4890 · Python+3 · Python-Ecdsa+3

CVE-2019-14859

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 51