CVE-2024-21502
HIGHAntonkueltz Fastecdsa < 2.3.2 - Use of Uninitialized Resource
Title source: ruleDescription
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.
Scores
CVSS v3
7.5
EPSS
0.0015
EPSS Percentile
34.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-457
CWE-908
Status
published
Products (2)
antonkueltz/fastecdsa
< 2.3.2
pypi/fastecdsa
0 - 2.3.2PyPI
Published
Feb 24, 2024
Tracked Since
Feb 18, 2026