starkbank/ecdsa-java

Releases4

Frequency2 years 3 days

Last Release about 2 months ago

Stars36

A lightweight and fast pure Java ECDSA library

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-43570 ↗	Nov 9, 2021Tuesday, 9 November 2021, 22:15	9.8 CRITICAL	7.5 HIGH
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.