VYPR

PyPI package

fastecdsa

pkg:pypi/fastecdsa

Vulnerabilities (2)

  • CVE-2024-21502Feb 24, 2024
    affected < 2.3.2fixed 2.3.2

    Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary f

  • CVE-2020-12607Jun 2, 2020
    affected < 2.1.2fixed 2.1.2

    An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavio