CVE-2024-23342

Summary

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.

Affected Software

VendorProductVersion RangeStatus
tlsfuzzerpython-ecdsa<= 0.18.0affected

Weaknesses

  • CWE-203: CWE-203: Observable Discrepancy
  • CWE-208: CWE-208: Observable Timing Discrepancy
  • CWE-385: CWE-385: Covert Timing Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References