CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43571

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/

Products affected by CVE-2021-43571

Starkbank » Ecdsa-Node » Version: 1.1.2

cpe:2.3:a:starkbank:ecdsa-node:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43571

Products

Pricing

Contact Us