Python Ecdsa Python Ecdsaproject Python Ecdsa

stack.watch can notify you when security vulnerabilities are reported in Python Ecdsaproject Python Ecdsa. You can add multiple products that you use with Python Ecdsa to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in Python Ecdsaproject Python Ecdsa with an average score of 9.1 out of ten. Last year Python Ecdsa had 1 security vulnerability published. At the current rates, it appears that the number of vulerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.60.

Year Vulnerabilities Average Score
2020 1 9.10
2019 1 7.50
2018 0 0.00

It may take a day or so for new Python Ecdsa vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Python Ecdsaproject Python Ecdsa Security Vulnerabilities

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding

CVE-2019-14859 9.1 - Critical - January 02, 2020

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

CVE-2019-14859 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Improper Verification of Cryptographic Signature

An error-handling flaw was found in python-ecdsa before version 0.13.3

CVE-2019-14853 7.5 - High - November 26, 2019

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVE-2019-14853 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Handling of Exceptional Conditions