CRITICAL🇬🇧 English

CVE-2019-14859

CVSS 9.1v3.1pub. 2020-01-02upd. 2024-11-21

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Python Ecdsa Project Python Ecdsa

    APP
    Python-Ecdsa Project
    < 0.13.3
  • Red Hat Ceph Storage

    APP
    Redhat
    2.03.0
  • Red Hat Openstack

    APP
    Redhat
    10131415
  • Red Hat Virtualization

    APP
    Redhat
    4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...

CVE-2022-0670CRITICAL9.1ten sam produkt

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write...

CVE-2022-26148CRITICAL9.8ten sam produkt

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be foun...

CVE-2021-4048CRITICAL9.1ten sam produkt

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through ver...