ecdsa@0.13 vulnerabilities
ECDSA cryptographic signature library (pure python)
-
latest version
0.19.0
-
first published
14 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the ecdsa package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insufficient protection. For a sophisticated attacker observing just one operation with a private key will be sufficient to completely reconstruct the private key. Note: Fixes for side-channel vulnerabilities will not be developed. How to fix Missing Encryption of Sensitive Data? There is no fixed version for |
[0,)
|
ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Timing Attack via the Notes:
How to fix Timing Attack? There is no fixed version for |
[0,)
|
ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Cryptographic Issues. A flaw exists where signatures used by DER encoding are not correctly verified. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. How to fix Cryptographic Issues? Upgrade |
[,0.13.3)
|
ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Denial of Service (DoS). During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. How to fix Denial of Service (DoS)? Upgrade |
[,0.13.3)
|
ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. Leakage of bit-length of a scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key. How to fix Timing Attack? Upgrade |
[,0.14)
|