A flaw was found in all python-ecdsa versions prior to 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python-ecdsa project python-ecdsa |
||
redhat ceph storage 2.0 |
||
redhat ceph storage 3.0 |
||
redhat openstack 10 |
||
redhat openstack 13 |
||
redhat openstack 14 |
||
redhat openstack 15 |
||
redhat virtualization 4.0 |