CVE-2019-14853

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

Published: Nov 26, 2019
Updated: May 9, 2024
CVE: CVE-2019-14853
GHSA: GHSA-pwfw-mgfj-7g3g
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-755
CWE-391

Affected Software
References

Software	From	Fixed in
python-ecdsa_project / python-ecdsa	-	0.13.3
ecdsa	-	0.13.3

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853
https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3
https://github.com/warner/python-ecdsa/security/advisories/GHSA-pwfw-mgfj-7g3g
https://seclists.org/bugtraq/2019/Dec/33
https://www.debian.org/security/2019/dsa-4588

Vulnerability Database

CVE-2019-14853

Deep Security Visibility Without the Complexity