PT-2022-3495 · Unknown+2 · Ecdsautils+2
Neocturne · Published 2022-05-05 · Updated 2023-07-20
CVE-2022-24884
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ecdsautils versions prior to 0.4.1
Description
The vulnerability lies in the ecdsa_verify_[prepare_]legacy() function, which does not check whether the signature values r and s are non-zero. This makes signature forgery trivial: a signature consisting only of zeroes is always considered valid. Requiring multiple signatures from different public keys does not mitigate the issue, since ecdsa_verify_list_legacy() will accept an arbitrary number of such forged signatures. Both the ecdsautil verify CLI command and the libecdsautil library are affected.
Recommendations
For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the ecdsa_verify_[prepare_]legacy() function until a patch is available. Restrict access to the ecdsautil verify CLI command and the libecdsautil library to minimize the risk of exploitation. Avoid using the ecdsa_verify_list_legacy() function with multiple signatures from different public keys until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Improper Verification of Cryptographic Signature
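The missing range check behind this weakness, as an added example written for this page (it is not ecdsautils' own code): a textbook ECDSA verifier in Python over secp256k1, with a legacy-style variant that omits the r/s check placed next to the fixed one. The curve is chosen for illustration only (ecdsautils uses its own curve and arithmetic; the check itself is curve-independent). The legacy model rests on two assumptions that are not taken from the ecdsautils source: that the affected arithmetic yields 0 as the modular inverse of 0, and that the neutral element converts to an affine x of 0. The helper count_valid illustrates the advisory's point about ecdsa_verify_list_legacy(): collecting signatures from several keys does not help unless each one is range-checked. The signing nonce is a simplified deterministic derivation (not RFC 6979) so that the demonstration is reproducible.

```python
"""ECDSA verification with and without the r/s range check (added example).

Legacy-model assumptions (labelled where used): inverse of 0 is treated as 0,
and the neutral element has affine x = 0. Curve: secp256k1, for illustration.
"""
import hashlib

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # neutral element of the curve group


def point_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P), including doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication; k = 0 yields INF."""
    result = INF
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg):
    """Plain ECDSA signing; the nonce derivation is simplified, not RFC 6979."""
    e = hash_to_int(msg)
    seed = priv.to_bytes(32, "big") + e.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    return (r, s)


def verify_legacy(pub, msg, sig):
    """Model of a verifier that omits the r/s range check (the flawed pattern)."""
    r, s = sig
    e = hash_to_int(msg)
    w = pow(s, -1, N) if s % N else 0      # ASSUMPTION: inverse of 0 -> 0
    u1, u2 = e * w % N, r * w % N
    R = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    x = 0 if R is INF else R[0]            # ASSUMPTION: neutral element -> x = 0
    return x % N == r % N                  # (0, 0) passes: 0 == 0


def verify(pub, msg, sig):
    """Fixed verifier: reject r, s outside [1, n-1] before any arithmetic."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, -1, N)
    u1, u2 = e * w % N, r * w % N
    R = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    return R is not INF and R[0] % N == r


def count_valid(verifier, pubs, msg, sigs):
    """How many (key, signature) pairs a verifier accepts; models a multi-key list."""
    return sum(1 for pub, sig in zip(pubs, sigs) if verifier(pub, msg, sig))


if __name__ == "__main__":
    priv = 0xC0FFEE                        # constructed demo key
    pub = scalar_mult(priv, G)
    msg = b"constructed message"
    print("genuine :", verify_legacy(pub, msg, sign(priv, msg)), verify(pub, msg, sign(priv, msg)))
    print("all-zero:", verify_legacy(pub, msg, (0, 0)), verify(pub, msg, (0, 0)))
```

The fixed verifier performs the range check before touching the modular inverse, so a zero s never reaches pow(), and the comparison of R's x coordinate against r is only made once r is known to be a non-zero scalar.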
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Ecdsautils