CVE-2019-14853Unchecked Error Condition in Project Python-ecdsa

CWE-391Unchecked Error ConditionCWE-755Improper Handling of Exceptional Conditions13 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 79.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Python-ecdsa Project Python-ecdsaTlsfuzzer Ecdsa
Timeline
PublishedNov 26
Latest updateDec 2

Description

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Ubuntupython-ecdsa_project/python-ecdsa< 0.13-2ubuntu0.16.04.1+1
PyPItlsfuzzer/ecdsa< 0.13.3

🔴Vulnerability Details

6
OSV
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA2019-12-02
OSV
CVE-2019-14853: An error-handling flaw was found in python-ecdsa before version 02019-11-26
CVEList
CVE-2019-14853: An error-handling flaw was found in python-ecdsa before version 02019-11-26
OSV
python-ecdsa vulnerabilities2019-11-18
GHSA
ecdsa Denial of Service vulnerability in signature verification and signature malleability2019-10-08

📋Vendor Advisories

3
Ubuntu
python-ecdsa vulnerabilities2019-11-18
Red Hat
python-ecdsa: Unexpected and undocumented exceptions during signature decoding2019-09-26
Debian
CVE-2019-14853: python-ecdsa - An error-handling flaw was found in python-ecdsa before version 0.13.3. During s...2019

💬Community

3
Bugzilla
CVE-2019-14853 python-ecdsa: Unexpected and undocumented exceptions during signature decoding [epel-all]2019-10-04
Bugzilla
CVE-2019-14853 python-ecdsa: Unexpected and undocumented exceptions during signature decoding2019-10-04
Bugzilla
CVE-2019-14853 python-ecdsa: Unexpected and undocumented exceptions during signature decoding [fedora-all]2019-10-04
CVE-2019-14853 — Unchecked Error Condition | cvebase