Ecdsautils Ecdsautilsproject Ecdsautils

By the Year

In 2024 there have been 0 vulnerabilities in Ecdsautilsproject Ecdsautils. Ecdsautils did not have any published security vulnerabilities last year.

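| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |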

It may take a day or so for new Ecdsautils vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ecdsautilsproject Ecdsautils Security Vulnerabilities

CVE-2022-24884 7.5 - High - May 06, 2022

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

Improper Verification of Cryptographic Signature
