VDB
GHSA-2MRJ-435V-C2CR
GHSA-2MRJ-435V-C2CR
PUBLISHED
CVSS 3.700000047683716 LOW
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
Risk Scores
CVSS v3.0
3.700000047683716
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| csaf_redhat | tfm-rubygem-prometheus-client-0:1.0.0-3.el7sat.noarch | |
| csaf_redhat | python3-aiohttp-xmlrpc-0:1.3.1-1.el7pc.noarch | |
| csaf_redhat | qpid-cpp-debuginfo-0:1.36.0-32.el7_9amq.x86_64 | |
| csaf_redhat | tfm-rubygem-pg-debuginfo-0:1.1.4-4.el7sat.x86_64 | |
| csaf_redhat | tfm-rubygem-hammer_cli_foreman_bootdisk-0:0.3.0-2.el7sat.noarch | |
| csaf_redhat | tfm-rubygem-activerecord-0:6.0.3.7-1.el7sat.noarch | |
| csaf_redhat | tfm-rubygem-sinatra-0:2.1.0-2.el7sat.src | |
| csaf_redhat | tfm-rubygem-hammer_cli_foreman_openscap-0:0.1.12-2.el7sat.noarch | |
| csaf_redhat | tfm-rubygem-redfish_client-0:0.5.2-2.el7sat.src | |
| csaf_redhat | libmodulemd2-0:2.9.3-1.el7pc.src | |
| csaf_redhat | tfm-rubygem-foreman_templates-0:9.1.0-1.el7sat.noarch | |
| csaf_redhat | python-toml-0:0.10.2-1.el7pc.src | |
| csaf_opensuse | python310-ecdsa-0.19.0-1.1.ppc64le | |
| csaf_redhat | python-dateutil-0:2.8.1-3.el7pc.src | |
| csaf_redhat | tfm-rubygem-actionmailer-0:6.0.3.7-1.el7sat.noarch | |
| csaf_redhat | tfm-rubygem-ruby-libvirt-0:0.7.1-2.el7sat.x86_64 | |
| csaf_suse | SUSE Linux Enterprise Module for Basesystem 15 SP2 | |
| csaf_redhat | keycloak-httpd-client-install-0:1.2.2-2.el7sat.src | |
| csaf_redhat | tfm-rubygem-rack-0:2.2.3-2.el7sat.src | |
| csaf_redhat | gofer-0:2.12.5-7.el7sat.src |
…and 1003 more
Exploit Intelligence
- A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. (github-poc-repo)
- A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. (github-poc-repo)
- A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. (github-poc-repo)
- A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. (github-poc-repo)
- A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. (github-poc-repo)
- CVE-2020-14343的payload (github-poc-repo)
- CVE-2020-14343的payload (github-poc-repo)
- CVE-2020-14343的payload (github-poc-repo)
- CVE-2020-14343的payload (github-poc-repo)
- CVE-2020-14343的payload (github-poc-repo)
…and 165 more exploits
Timeline
- CVE Published
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Distribution Patch
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory
- Mar 2, 2026 Security Advisory