CVE-2022-24884

NameCVE-2022-24884
Descriptionecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2997-1, DSA-5132-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ecdsautils (PTS)bullseye (security), bullseye0.3.2+git20151018-2+deb11u1fixed
bookworm0.4.1-3fixed
sid, trixie0.4.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ecdsautilssourcestretch0.3.2+git20151018-2+deb9u1DLA-2997-1
ecdsautilssourcebuster0.3.2+git20151018-2+deb10u1DSA-5132-1
ecdsautilssourcebullseye0.3.2+git20151018-2+deb11u1DSA-5132-1
ecdsautilssource(unstable)0.4.1-1

Notes

https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw
https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 (v0.4.1)

Search for package or bug name: Reporting problems