CVE-2024-23342 in python-ecdsa (Minerva)informação

Sumário

de MITRE • 23/01/2024

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub, Inc.

Reservar

15/01/2024

Divulgação

23/01/2024

Moderação

aceite

Entrada

VDB-251742

CPE

pronto

CWE

CWE-385 (confirmado)

CVSS

7.4 (NVD)

EPSS

0.00622

KEV

não

Atividades

muito baixo

Sector

Energy, Insurance, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-23342
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-23342
CVE Details	https://www.cvedetails.com/cve/CVE-2024-23342/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!