CVE-2019-14853

Aliases:GHSA-2mrj-435v-c2crGHSA-pwfw-mgfj-7g3gPYSEC-2019-177

Advisory lineage Upstream: 0 Downstream: 14

Downstream

DEBIAN-CVE-2019-14853 DLA-1978-1 DSA-4588-1 MGASA-2020-0002 OPENSUSE-SU-2019:2472-1 OPENSUSE-SU-2019:2474-1

Modified

Published: 26 Nov 2019, 12:06

Last modified:05 Aug 2024, 00:26

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.08% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Nov 2019, 12:06

Published

Vulnerability first disclosed

05 Aug 2024, 00:26

Last Modified

Vulnerability information updated

Description

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS Metrics

v4.0•HIGH•Score: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v3.0•LOW•Score: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.08%• Percentile: 23%

Techniques & Countermeasures

CWE-755•Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
CWE-391•Unchecked Error Condition
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Affected Systems

PyPI•ecdsa
< 0.13.3
python-ecdsa_project•python-ecdsa
< 0.13.3
[unknown]•python-ecdsa
0.13.3