CVE-2021-43570

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

starkbank/ecdsa-java
starkbank/ecdsa-java
A lightweight and fast pure Java ECDSA library
GitHubGitHub
36