CVE-2021-43570

Improper Verification of Cryptographic Signature in maven/com.starkbank.ellipticcurve/starkbank-ecdsa

Identifiers

CVE-2021-43570

Package Slug

maven/com.starkbank.ellipticcurve/starkbank-ecdsa

Vulnerability

Improper Verification of Cryptographic Signature

Description

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

Affected Versions

Version 1.0.0

Solution

Upgrade to version 1.0.1 or above.

Last Modified

2021-11-15
