Homepage
About Snyk

fastecdsa@2.1.4 vulnerabilities

Fast elliptic curve digital signatures

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the fastecdsa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Use of Uninitialized Variable

fastecdsa is a python package for doing fast elliptic curve cryptography, specifically digital signatures.

Affected versions of this package are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.

How to fix Use of Uninitialized Variable?

Upgrade fastecdsa to version 2.3.2 or higher.

[,2.3.2)
Go back to all versions of this package