Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
使用未经初始化的变量
Vulnerability Title
fastecdsa 安全漏洞
Vulnerability Description
fastecdsa是Antonkueltz个人开发者的一款用于快速椭圆曲线加密的Python库。 fastecdsa 2.3.2之前版本存在安全漏洞,该漏洞源于容易在堆栈上使用未初始化的变量,攻击者利用此漏洞可以造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A