CVE-2020-12607
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-12607
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12607.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-12607
- Aliases
- Published
- 2020-06-02T21:15:10Z
- Modified
- 2025-09-19T11:38:21.030127Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.
- References
-
- https://github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c
- https://github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de
- https://github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1
- https://github.com/AntonKueltz/fastecdsa/issues/52
Affected packages
Git / github.com/antonkueltz/fastecdsa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/antonkueltz/fastecdsa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
v1.*
v1.0.1
v1.0.2
v1.0.3
v1.1.3
v1.2.1
v1.3.1
v1.3.2
v1.4.1
v1.4.2
v1.5.1
v1.5.2
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
Database specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "93520763919975657384232032081005663602",
"length": 830.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/antonkueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1",
"id": "CVE-2020-12607-66ce0194",
"deprecated": false,
"target": {
"file": "src/curveMath.c",
"function": "pointZZ_pDouble"
}
},
{
"digest": {
"function_hash": "114807553560984464700912165694170755712",
"length": 1007.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/antonkueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1",
"id": "CVE-2020-12607-765a86e6",
"deprecated": false,
"target": {
"file": "src/curveMath.c",
"function": "pointZZ_pMul"
}
},
{
"digest": {
"function_hash": "237713034721248222028732838030589999764",
"length": 794.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/antonkueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1",
"id": "CVE-2020-12607-9ebef2d1",
"deprecated": false,
"target": {
"file": "src/curveMath.c",
"function": "pointZZ_pAdd"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"295440111576572506065665976290646547187",
"196854035119909962313773951870531590818",
"317871309843992884374969037078204491522",
"104375746076562032098332227659040301528",
"65416599458374717787017732325794096570",
"177423792026663125093054846541122329542",
"218619352812740939546316886251052461695",
"40930251885493100673819922373020214212",
"243540426651314462511606196020035304659",
"273798193599705150604646108665496793181",
"170054887755278315323162088544007563571",
"197353946011006447932649302589988372905",
"234408837222518631626031317531483544714",
"74221276442437195587473428445690813998"
]
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/antonkueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1",
"id": "CVE-2020-12607-adb032bc",
"deprecated": false,
"target": {
"file": "src/curveMath.c"
}
}
]
}