Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8nfq-s4yw-5yab

Summary Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.

Aliases

alias	CVE-2024-21502

alias	GHSA-ph86-g9r3-5qw4

alias	PYSEC-2024-39

Fixed_packages

url	pkg:pypi/fastecdsa@2.3.2
purl	pkg:pypi/fastecdsa@2.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.3.2

Affected_packages

url pkg:pypi/fastecdsa@1.0.0b1

purl pkg:pypi/fastecdsa@1.0.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.0b1

url pkg:pypi/fastecdsa@1.0.1b1

purl pkg:pypi/fastecdsa@1.0.1b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b1

url pkg:pypi/fastecdsa@1.0.1b2

purl pkg:pypi/fastecdsa@1.0.1b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b2

url pkg:pypi/fastecdsa@1.0.1b3

purl pkg:pypi/fastecdsa@1.0.1b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b3

url pkg:pypi/fastecdsa@1.0.1

purl pkg:pypi/fastecdsa@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1

url pkg:pypi/fastecdsa@1.0.2

purl pkg:pypi/fastecdsa@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.2

url pkg:pypi/fastecdsa@1.0.3

purl pkg:pypi/fastecdsa@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.3

url pkg:pypi/fastecdsa@1.1.0

purl pkg:pypi/fastecdsa@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.0

url pkg:pypi/fastecdsa@1.1.1

purl pkg:pypi/fastecdsa@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.1

url pkg:pypi/fastecdsa@1.1.2

purl pkg:pypi/fastecdsa@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.2

url pkg:pypi/fastecdsa@1.1.3

purl pkg:pypi/fastecdsa@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.3

url pkg:pypi/fastecdsa@1.2.1

purl pkg:pypi/fastecdsa@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.2.1

url pkg:pypi/fastecdsa@1.3.1

purl pkg:pypi/fastecdsa@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.3.1

url pkg:pypi/fastecdsa@1.3.2

purl pkg:pypi/fastecdsa@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.3.2

url pkg:pypi/fastecdsa@1.4.1

purl pkg:pypi/fastecdsa@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.1

url pkg:pypi/fastecdsa@1.4.2

purl pkg:pypi/fastecdsa@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.2

url pkg:pypi/fastecdsa@1.4.3

purl pkg:pypi/fastecdsa@1.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.3

url pkg:pypi/fastecdsa@1.5.1

purl pkg:pypi/fastecdsa@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.5.1

url pkg:pypi/fastecdsa@1.5.2

purl pkg:pypi/fastecdsa@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.5.2

url pkg:pypi/fastecdsa@1.6.1

purl pkg:pypi/fastecdsa@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.1

url pkg:pypi/fastecdsa@1.6.2

purl pkg:pypi/fastecdsa@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.2

url pkg:pypi/fastecdsa@1.6.3

purl pkg:pypi/fastecdsa@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.3

url pkg:pypi/fastecdsa@1.6.4

purl pkg:pypi/fastecdsa@1.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.4

url pkg:pypi/fastecdsa@1.6.5

purl pkg:pypi/fastecdsa@1.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.5

url pkg:pypi/fastecdsa@1.7.0

purl pkg:pypi/fastecdsa@1.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.0

url pkg:pypi/fastecdsa@1.7.1

purl pkg:pypi/fastecdsa@1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.1

url pkg:pypi/fastecdsa@1.7.2

purl pkg:pypi/fastecdsa@1.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.2

url pkg:pypi/fastecdsa@1.7.3

purl pkg:pypi/fastecdsa@1.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.3

url pkg:pypi/fastecdsa@1.7.4

purl pkg:pypi/fastecdsa@1.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.4

url pkg:pypi/fastecdsa@1.7.5

purl pkg:pypi/fastecdsa@1.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.5

url pkg:pypi/fastecdsa@2.0.0

purl pkg:pypi/fastecdsa@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.0.0

url pkg:pypi/fastecdsa@2.1.0

purl pkg:pypi/fastecdsa@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.0

url pkg:pypi/fastecdsa@2.1.1

purl pkg:pypi/fastecdsa@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.1

url pkg:pypi/fastecdsa@2.1.2

purl pkg:pypi/fastecdsa@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.2

url pkg:pypi/fastecdsa@2.1.3

purl pkg:pypi/fastecdsa@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.3

url pkg:pypi/fastecdsa@2.1.4

purl pkg:pypi/fastecdsa@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.4

url pkg:pypi/fastecdsa@2.1.5

purl pkg:pypi/fastecdsa@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.5

url pkg:pypi/fastecdsa@2.2.0

purl pkg:pypi/fastecdsa@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.2.0

url pkg:pypi/fastecdsa@2.2.1

purl pkg:pypi/fastecdsa@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.2.1

url pkg:pypi/fastecdsa@2.2.2

purl pkg:pypi/fastecdsa@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.2.2

url pkg:pypi/fastecdsa@2.2.3

purl pkg:pypi/fastecdsa@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.2.3

url pkg:pypi/fastecdsa@2.3.0

purl pkg:pypi/fastecdsa@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.3.0

url pkg:pypi/fastecdsa@2.3.1

purl pkg:pypi/fastecdsa@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.3.1

References

reference_url	https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26
reference_id
reference_type
scores
url	https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26

reference_url	https://github.com/AntonKueltz/fastecdsa
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa

reference_url	https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210

reference_url	https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36

reference_url	https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045
reference_id
reference_type
scores
url	https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-21502
reference_id	CVE-2024-21502
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-21502

reference_url	https://github.com/advisories/GHSA-ph86-g9r3-5qw4
reference_id	GHSA-ph86-g9r3-5qw4
reference_type
scores
url	https://github.com/advisories/GHSA-ph86-g9r3-5qw4

Weaknesses

cwe_id	457
name	Use of Uninitialized Variable
description	The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

cwe_id	908
name	Use of Uninitialized Resource
description	The product uses or accesses a resource that has not been initialized.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nfq-s4yw-5yab

Vulnerability Instance