CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23342.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-203",
        "CWE-208",
        "CWE-385"
    ]
}

References

Affected packages

Git / github.com/tlsfuzzer/python-ecdsa

Affected ranges

Type

GIT

Repo

https://github.com/tlsfuzzer/python-ecdsa

Events

Introduced

Last affected

341e0d8be9fedf66fbc9a95630b4ed2138343380

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.18.0"
        }
    ],
    "cpe": "cpe:2.3:a:tlsfuzzer:ecdsa:*:*:*:*:*:python:*:*",
    "source": "CPE_RANGE"
}

Affected versions

python-ecdsa-0.*

python-ecdsa-0.10

python-ecdsa-0.11

python-ecdsa-0.12

python-ecdsa-0.13

python-ecdsa-0.14

python-ecdsa-0.14.1

python-ecdsa-0.15

python-ecdsa-0.16.0

python-ecdsa-0.16.1

python-ecdsa-0.17.0

python-ecdsa-0.18.0

python-ecdsa-0.18.0b1

python-ecdsa-0.18.0b2

python-ecdsa-0.5

python-ecdsa-0.6

python-ecdsa-0.7

python-ecdsa-0.8

python-ecdsa-0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23342.json"