Safety vulnerability ID: 64459
The information on this page was manually curated by our Cybersecurity Intelligence Team.
[This advisory has been limited. Please create a free account to view the full advisory.]
Latest version: 0.19.1
ECDSA cryptographic signature library (pure python)
[This affected versions has been limited. Please create a free account to view the full affected versions.]
[This fixed versions has been limited. Please create a free account to view the full fixed versions.]
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists. See CVE-2024-23342.
MISC:https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md: https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md
MISC:https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp: https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp
MISC:https://minerva.crocs.fi.muni.cz/: https://minerva.crocs.fi.muni.cz/
MISC:https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application