CVE-2019-14853

HIGH

python-ecdsa < 0.13.3 - Denial of Service via Malformed DER Signature Handling

Title source: llm

Description

An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

References (4)

Core 4

Core References

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853

Release Notes x_refsource_misc

https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3

Mailing List mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Dec/33

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4588

Scores

CVSS v3 7.5

EPSS 0.0250

EPSS Percentile 82.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-755 CWE-391

Status published

Products (2)

pypi/ecdsa 0 - 0.13.3PyPI

python-ecdsa_project/python-ecdsa < 0.13.3

Published Nov 26, 2019

Tracked Since Feb 18, 2026