An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1800 advisory.

  - An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding,     malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to     a denial of service. (CVE-2019-14853)

  - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether     signatures used DER encoding. Without this verification, a malformed signature could be accepted, making     the signature malleable. Without proper verification, an attacker could use a malleable signature to     create false transactions. (CVE-2019-14859)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory.

  - python-ecdsa: Unexpected and  undocumented exceptions during signature decoding (CVE-2019-14853)

  - python-ecdsa: DER encoding is not being verified in signatures (CVE-2019-14859)

  - rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id     (CVE-2019-25025)

  - PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)

  - rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)

  - rake: OS Command Injection via egrep in Rake::FileList (CVE-2020-8130)

  - guava: local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)

  - Satellite: BMC controller credential leak via API (CVE-2021-20256)

  - python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware (CVE-2021-21330)

  - rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack     (CVE-2021-22885)

  - rails: Possible Denial of Service vulnerability in Action Dispatch (CVE-2021-22902)

  - rails: Possible DoS Vulnerability in Action Controller Token Authentication (CVE-2021-22904)

  - django: potential directory-traversal via uploaded files (CVE-2021-28658)

  - rubygem-puma: incomplete fix for CVE-2019-16770 allows Denial of Service (DoS) (CVE-2021-29509)

  - django: Potential directory-traversal via uploaded files (CVE-2021-31542)

  - rubygem-addressable: ReDoS in templates (CVE-2021-32740)

  - django: Potential directory traversal via ``admindocs`` (CVE-2021-33203)

  - python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)

  - django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4     addresses (CVE-2021-33571)

  - Satellite: Azure compute resource secret_key leak to authenticated users (CVE-2021-3413)

  - foreman: possible man-in-the-middle in smart_proxy realm_freeipa (CVE-2021-3494)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

py-ecdsa developers report :

Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding.

Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding

It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a denial-of-service.

It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853)

It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for python-ecdsa to version 0.13.3 fixes the following issues :

Security issues fixed :

  - CVE-2019-14853: Fixed unexpected exceptions during     signature decoding (bsc#1153165).

  - CVE-2019-14859: Fixed a signature malleability caused by     insufficient checks of DER encoding (bsc#1154217).

This update was imported from the SUSE:SLE-15:Update update project.

It was discovered that python-ecdsa, a cryptographic signature library for Python, did not correctly verify DER encoded signatures. Malformed signatures could lead to unexpected exceptions and in some cases did not raise any exception.

For Debian 8 'Jessie', these problems have been fixed in version 0.11-1+deb8u1.

We recommend that you upgrade your python-ecdsa packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 0.13.3 - CVE-2019-14853

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
179799	Amazon Linux AMI : python-ecdsa (ALAS-2023-1800)	Nessus	Amazon Linux Local Security Checks	critical
155377	RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)	Nessus	Red Hat Local Security Checks	critical
139641	FreeBSD : security/py-ecdsa -- multiple issues (a23ebf36-e8b6-4665-b0f3-4c977f9a145c)	Nessus	FreeBSD Local Security Checks	critical
132110	Debian DSA-4588-1 : python-ecdsa - security update	Nessus	Debian Local Security Checks	critical
131162	Ubuntu 16.04 LTS / 18.04 LTS : python-ecdsa vulnerabilities (USN-4196-1)	Nessus	Ubuntu Local Security Checks	critical
130893	openSUSE Security Update : python-ecdsa (openSUSE-2019-2474)	Nessus	SuSE Local Security Checks	critical
130892	openSUSE Security Update : python-ecdsa (openSUSE-2019-2472)	Nessus	SuSE Local Security Checks	critical
130407	Debian DLA-1978-1 : python-ecdsa security update	Nessus	Debian Local Security Checks	critical
130301	Fedora 31 : python-ecdsa (2019-55e04129ac)	Nessus	Fedora Local Security Checks	high
130035	Fedora 29 : python-ecdsa (2019-8fcf21a816)	Nessus	Fedora Local Security Checks	high
130034	Fedora 30 : python-ecdsa (2019-5297458c78)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2019-14853

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

high

high

high