GHSA-9wx7-jrvc-28mm

Source
https://github.com/advisories/GHSA-9wx7-jrvc-28mm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-9wx7-jrvc-28mm/GHSA-9wx7-jrvc-28mm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9wx7-jrvc-28mm
Published
2021-11-08T21:51:18Z
Modified
2024-12-06T05:33:51.827944Z
Summary
Signature verification vulnerability in Stark Bank ecdsa libraries
Details

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform and to bypass the signature verification needed to perform operations on the platform, such as sending payments and transferring funds. Additionally, the ability to forge signatures may impact other users and projects that use these libraries in different and unforeseen ways.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-347"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T21:34:42Z"
}
References

Affected packages

PyPI / starkbank-ecdsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.1

Affected versions

0.*

0.1
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9

1.*

1.0.0
1.1.0
1.1.1

2.*

2.0.0

Maven / com.starkbank:ecdsa-java

Package

Name
com.starkbank:ecdsa-java
Purl
pkg:maven/com.starkbank/ecdsa-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.1

Affected versions

1.*

1.0.0

NuGet / starkbank-ecdsa

Package

Name
starkbank-ecdsa
Purl
pkg:nuget/starkbank-ecdsa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.3.1
Fixed
1.3.2

Affected versions

1.*

1.3.1

npm / starkbank-ecdsa

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.1.2
Fixed
1.1.3

Affected versions

1.*

1.1.2