CVE-2020-12607

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.
Configurations

Configuration 1

cpe:2.3:a:fastecdsa_project:fastecdsa:*:*:*:*:*:*:*:*

Information

Published : 2020-06-02 09:15

Updated : 2020-06-03 01:47


NVD link : CVE-2020-12607

Mitre link : CVE-2020-12607

Products Affected
No products.
CWE
CWE-347

Improper Verification of Cryptographic Signature