VulnerableCode Package Details - pkg:pypi/fastecdsa@2.2.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/fastecdsa@2.2.0

Essentials
History (1)

purl	pkg:pypi/fastecdsa@2.2.0

Next non-vulnerable version	2.3.2
Latest non-vulnerable version	2.3.2
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8nfq-s4yw-5yab Aliases: CVE-2024-21502 GHSA-ph86-g9r3-5qw4 PYSEC-2024-39	Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.	2.3.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:20:59.503673+00:00	Pypa Importer	Affected by	VCID-8nfq-s4yw-5yab	https://github.com/pypa/advisory-database/blob/main/vulns/fastecdsa/PYSEC-2024-39.yaml	38.6.0