PyPI: ecdsa
CVE-2024-23342
Safety vulnerability ID: SFTY-20240123-52021
Safety legacy ID: pyup.io-64459
Overview
Minerva timing attack on P-256 in python-ecdsa
Advisory
The python-ecdsa library, which implements ECDSA cryptography in Python, is vulnerable to the Minerva attack (CVE-2024-23342). The vulnerability arises because scalar multiplication is not performed in constant time, which affects ECDSA signatures, key generation, and ECDH operations. ECDSA signature verification is unaffected. The project maintainers have stated that there is no plan to release a fix for this vulnerability, citing their security policy: "As stated in the security policy, side-channel vulnerabilities are outside the scope of the project. This is not due to a lack of interest in side-channel secure implementations but rather because the main goal of the project is to be pure Python. Implementing side-channel-free code in pure Python is impossible. Therefore, we do not plan to release a fix for this vulnerability."
NOTE: The specs we include in this advisory differ from those publicly available from other sources, because research by the Safety CLI Cybersecurity Team confirms that there is no plan to address this vulnerability.
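To make "not performed in constant time" concrete, the following added example (not python-ecdsa's code and not from the advisory) counts group operations for a textbook double-and-add on P-256 next to a fixed-length Montgomery ladder. The function names and sample nonces are constructed for illustration, and the curve constants are the standard NIST P-256 parameters.

```python
# Added illustration: textbook scalar multiplication on NIST P-256 (hypothetical names).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def double_and_add(k, point=G):
    """Return (k*point, group operations). The work depends on the bits of k."""
    result, ops = None, 0
    for bit in bin(k)[2:]:            # loop length equals the bit length of k
        result = point_add(result, result)
        ops += 1
        if bit == "1":                # extra addition only for set bits
            result = point_add(result, point)
            ops += 1
    return result, ops

def ladder(k, point=G, bits=256):
    """Montgomery ladder: one add and one double per bit, for a fixed bit count."""
    r0, r1, ops = None, point, 0
    for i in reversed(range(bits)):
        if (k >> i) & 1:
            r0, r1 = point_add(r0, r1), point_add(r1, r1)
        else:
            r0, r1 = point_add(r0, r0), point_add(r0, r1)
        ops += 2
    return r0, ops

# Constructed sample nonces with 256, 248 and 240 significant bits.
SAMPLE_NONCES = [(1 << 255) | 1, (1 << 247) | 1, (1 << 239) | 1]
def op_counts(nonces=SAMPLE_NONCES):
    """Map nonce bit length to (double-and-add ops, ladder ops)."""
    return {k.bit_length(): (double_and_add(k)[1], ladder(k)[1]) for k in nonces}
```

The ladder fixes the number of group operations, but it still branches on secret bits and relies on Python's variable-time big-integer arithmetic, which is consistent with the maintainers' statement that side-channel-free code in pure Python is impossible.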
How to Fix
We recommend updating ecdsa to the latest non-vulnerable version.
Mitigation and Workarounds
---
References
- https://getsafety.com/vulnerabilities/SFTY-20240123-52021/CVE-2024-23342
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23342
- https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md
- https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp
- https://minerva.crocs.fi.muni.cz/
- https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
- https://nvd.nist.gov/vuln/detail/CVE-2024-23342
- https://github.com/advisories/GHSA-wj6h-64fc-37mp
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
