python-ecdsaproject python-ecdsa CVE-2019-14859 in Python Ecdsaproject and Red Hat Products
Published on January 2, 2020

product logo product logo
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

NVD

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.


Products Associated with CVE-2019-14859

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14859 are published in these products:

Python Ecdsaproject Python Ecdsa
 
Red Hat Ceph Storage
 
Red Hat Openstack
 
Red Hat Virtualization
 

Affected Versions

Red Hat python-ecdsa Version all python-ecdsa versions before 0.13.3 is affected by CVE-2019-14859

Exploit Probability

EPSS
0.07%
Percentile
20.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.