CVE-2022-24884 | HIGH | CVSS 7.5 | fixed in 0.4.1 | 2022-05-06
CVE-2022-24884 [HIGH] CWE-347
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does
nvd