VulnerableCode Package Details - pkg:pypi/fastecdsa@2.1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-8nfq-s4yw-5yab Aliases: CVE-2024-21502 GHSA-ph86-g9r3-5qw4 PYSEC-2024-39	Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.	2.3.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8nfq-s4yw-5yab
Aliases:
CVE-2024-21502
GHSA-ph86-g9r3-5qw4
PYSEC-2024-39

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.

2.3.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wu1n-6amw-tfd3	An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.	CVE-2020-12607 GHSA-56wv-2wr9-3h9r PYSEC-2020-42

Vulnerability

Summary

Aliases

VCID-wu1n-6amw-tfd3

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.

CVE-2020-12607
GHSA-56wv-2wr9-3h9r
PYSEC-2020-42

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:25:14.024050+00:00	GithubOSV Importer	Fixing	VCID-wu1n-6amw-tfd3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-56wv-2wr9-3h9r/GHSA-56wv-2wr9-3h9r.json	38.6.0
2026-06-02T04:40:09.806411+00:00	GitLab Importer	Fixing	VCID-wu1n-6amw-tfd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/fastecdsa/CVE-2020-12607.yml	38.6.0
2026-06-02T04:20:59.484943+00:00	Pypa Importer	Affected by	VCID-8nfq-s4yw-5yab	https://github.com/pypa/advisory-database/blob/main/vulns/fastecdsa/PYSEC-2024-39.yaml	38.6.0
2026-06-02T04:06:41.757204+00:00	Pypa Importer	Fixing	VCID-wu1n-6amw-tfd3	https://github.com/pypa/advisory-database/blob/main/vulns/fastecdsa/PYSEC-2020-42.yaml	38.6.0