PT-2020-13166 · Fastecdsa · Fastecdsa
Adelapie · Published 2020-06-02 · Updated 2025-02-12 · CVE-2020-12607
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
fastecdsa versions prior to 2.1.2
Description
An issue was discovered in the ECDSA implementation when using the NIST P-256 curve. The point at infinity is mishandled, which means that for extreme values in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem, as there are threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.
Recommendations
For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the NIST P-256 curve in the ECDSA implementation until a patch is available.
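The point-at-infinity handling the description refers to can be shown with a toy affine P-256 implementation; this is an added example, not fastecdsa's code or its fix. A constructed digest e = 0 makes u1*G the point at infinity during verification, so the valid signature is accepted only when addition treats that point as the identity. Assumptions: the key, nonce, digests, the `handle_inf` switch and all function names are constructed for illustration, and the trigger shown is one simple way to reach the identity, not the inputs from the original report.

```python
# Added example (not fastecdsa code): toy affine P-256 ECDSA over integer digests.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
A = P - 3
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity, the group identity

def add(p1, p2, handle_inf=True):  # handle_inf=False: constructed defect, identity swallows the operand
    if p1 is INF or p2 is INF:
        return (p2 if p1 is INF else p1) if handle_inf else INF
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                       # P + (-P) = identity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add from the identity, always with the correct add()
    acc = INF
    for bit in bin(k % N)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def sign(d, e, k):  # textbook ECDSA; the caller-supplied nonce k is for this test only
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (e + r * d) % N

def verify(Q, e, r, s, handle_inf=True):
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = add(mul(e * w, G), mul(r * w, Q), handle_inf)   # u1*G + u2*Q
    return R is not INF and R[0] % N == r

def demo():
    d, k = 0x1234567, 0x89abcde          # constructed private key and nonce
    Q, out = mul(d, G), {}
    for name, e in (("ordinary", 0xc0ffee), ("u1_zero", 0)):  # e = 0 makes u1*G = INF
        r, s = sign(d, e, k)
        out[name] = (verify(Q, e, r, s), verify(Q, e, r, s, handle_inf=False))
    return out

if __name__ == "__main__": print(demo())
```

`demo()` returns a (correct, defective) verification result per case: both agree on the ordinary digest and differ only on the identity case, which is why edge-case vectors belong in a signature-verification test suite.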
Weakness Enumeration
Improper Verification of Cryptographic Signature
Affected Products
Fastecdsa