CVE-2024-23342 HIGH

CVE-2024-23342: python-ecdsa vulnerable to Minerva attack on P-256

Vendor: Tlsfuzzer
Product: python-ecdsa
Weakness: CWE-203
Published: January 22, 2024
Last update: May 30, 2025

CVSS base score

7.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

Description

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of the time of publication, no known patched version exists.

Key dates

Disclosure timeline

January 22, 2024: CVE published
May 30, 2025: Record updated