High severityNVD Advisory· Published Feb 24, 2024· Updated Nov 1, 2024
CVE-2024-21502
CVE-2024-21502
Description
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fastecdsaPyPI | < 2.3.2 | 2.3.2 |
Affected products
2- fastecdsa/fastecdsadescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-ph86-g9r3-5qw4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21502ghsaADVISORY
- gist.github.com/keltecc/49da037072276f21b005a8337c15db26ghsaWEB
- github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210ghsaWEB
- github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36ghsaWEB
- security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045ghsaWEB
News mentions
0No linked articles in our index yet.