A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NPython Ecdsa Project Python Ecdsa
APPPython-Ecdsa Project< 0.13.3Red Hat Ceph Storage
APPRedhat2.03.0Red Hat Openstack
APPRedhat10131415Red Hat Virtualization
APPRedhat4.0
Related vulnerabilities
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write...
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be foun...
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through ver...