fastecdsa@2.1.3 vulnerabilities

Fast elliptic curve digital signatures

latest version

2.3.2
latest non vulnerable version

2.3.2
first published

8 years ago
latest version published

3 months ago
licenses detected
- CC0-1.0
  [0,)
View fastecdsa package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the fastecdsa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Use of Uninitialized Variable fastecdsa is a python package for doing fast elliptic curve cryptography, specifically digital signatures. Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the `curvemath_mul` function in `src/curveMath.c`, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary `free()`, arbitrary `realloc()`, null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability. How to fix Use of Uninitialized Variable? Upgrade `fastecdsa` to version 2.3.2 or higher.	[,2.3.2)
M Timing Attack fastecdsa is a python package for doing fast elliptic curve cryptography, specifically digital signatures. Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. Leakage of bit-length of a scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key. How to fix Timing Attack? Upgrade `fastecdsa` to version 2.1.4 or higher.	[0,2.1.4)

Use of Uninitialized Variable

fastecdsa is a python package for doing fast elliptic curve cryptography, specifically digital signatures.

Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.

How to fix Use of Uninitialized Variable?

Upgrade fastecdsa to version 2.3.2 or higher.

[,2.3.2)

Timing Attack

fastecdsa is a python package for doing fast elliptic curve cryptography, specifically digital signatures.

Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. Leakage of bit-length of a scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.

How to fix Timing Attack?

Upgrade fastecdsa to version 2.1.4 or higher.

[0,2.1.4)

Go back to all versions of this package

fastecdsa@2.1.3 vulnerabilities

Fast elliptic curve digital signatures

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities