CVE-2019-14859
published 2020-01-02
critical 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-ecdsa | < python-ecdsa 0.13.3-1 (bookworm) | python-ecdsa 0.13.3-1 (bookworm) |
| python-ecdsa_project | python-ecdsa | < 0.13.3 | 0.13.3 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13.3-1 | 0.13.3-1 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13.3-1 | 0.13.3-1 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13.3-1 | 0.13.3-1 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13.3-1 | 0.13.3-1 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13-2ubuntu0.16.04.1 | 0.13-2ubuntu0.16.04.1 |
| python-ecdsa_project | python-ecdsa | >= 0 < 0.13-2ubuntu0.18.04.1 | 0.13-2ubuntu0.18.04.1 |
| red_hat | python-ecdsa | — | — |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | virtualization | — | — |
| tlsfuzzer | ecdsa | >= 0 < 0.13.3 | 0.13.3 |
CVSS provenance
nvd: v3.1, 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
osv: 9.1 CRITICAL