CVE-2019-14853

Improper Handling of Exceptional Conditions (CWE-755)

Published: Nov 26, 2019 / Updated: 59mo ago

CVSS 7.5 (High) / EPSS 0.2%

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2019-14853.

Oct 4, 2019 at 11:10 PM / bugzilla.redhat.com
EPSS

EPSS Score was set to: 0.2% (Percentile: 57.6%)

Sep 22, 2023 at 11:29 AM

Affected Systems

Python-ecdsa_project/python-ecdsa

News

redhat_unpatched python-ecdsa: python-ecdsa: Unpatched vulnerabilities
Testing Last Updated: 5/11/2024 CVEs: CVE-2019-14859, CVE-2019-14853
CVE-2019-14853 | python-ecdsa Signature Decoding DER Signature error condition
A vulnerability was found in python-ecdsa. It has been declared as problematic. This vulnerability affects unknown code of the component Signature Decoding Handler. The manipulation as part of DER Signature leads to unchecked error condition. This vulnerability was named CVE-2019-14853. The attack can be initiated remotely. There is no exploit available.
Amazon Linux AMI : python-ecdsa (ALAS-2023-1800)
- A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. - An error-handling flaw was found in python-ecdsa before version 0.13.3.
Amazon Linux AMI update for python-ecdsa
The vulnerability allows a remote attacker to bypass certain security restrictions. The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
ALAS-2023-1800 (important): python-ecdsa
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. An error-handling flaw was found in python-ecdsa before version 0.13.3.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
