{"id":"CVE-2021-43572","details":"The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.","aliases":["GHSA-92vm-mxjf-jqf3","PYSEC-2021-426"],"modified":"2026-03-14T11:16:15.145184Z","published":"2021-11-09T22:15:07.727Z","references":[{"type":"ADVISORY","url":"https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1"},{"type":"FIX","url":"https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f"},{"type":"EVIDENCE","url":"https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/starkbank/ecdsa-python","events":[{"introduced":"0"},{"fixed":"cb6d807a697d952916a0c46ce05ddd4d78718ca7"},{"fixed":"d136170666e9510eb63c2572551805807bd4c17f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.1"}]}}],"versions":["v0.1","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.7","v0.1.8","v0.1.9","v1.0.0","v1.1.0","v1.1.1","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43572.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}