An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python-ecdsa | Python-ecdsa_project | * | 0.13.3 (excluding) |
Python-ecdsa | Ubuntu | bionic | * |
Python-ecdsa | Ubuntu | disco | * |
Python-ecdsa | Ubuntu | eoan | * |
Python-ecdsa | Ubuntu | trusty | * |
Python-ecdsa | Ubuntu | upstream | * |
Python-ecdsa | Ubuntu | xenial | * |
Red Hat Satellite 6.10 for RHEL 7 | RedHat | python-ecdsa-0:0.13.3-2.el7pc | * |
Red Hat Satellite 6.10 for RHEL 7 | RedHat | python-ecdsa-0:0.13.3-2.el7pc | * |