CVE-2021-43572

Improper Verification of Cryptographic Signature in pypi/starkbank-ecdsa

Identifiers

CVE-2021-43572

Package Slug

pypi/starkbank-ecdsa

Vulnerability

Improper Verification of Cryptographic Signature

Description

The verify function in the Stark Bank Python ECDSA library (ecdsa-python) fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

Affected Versions

Version 2.0.0

Solution

Upgrade to version 2.0.1 or above.

Last Modified

2021-11-15
