Description
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is an improper length validation in the ecdsa package’s DER parser. When a private key is encoded with an OCTET STRING length that exceeds the supplied data, the parser accepts the truncated input instead of rejecting it. This causes SigningKey.from_der() to raise an internal IndexError exception, which applications that do not handle unexpected exceptions will not recover from, leading to a crash and a denial of service. The weakness is a failure to perform proper bounds checking (CWE‑130) and an improper input validation flaw (CWE‑20).

Affected Systems

The python-ecdsa library provided by tlsfuzzer is affected. Versions prior to 0.19.2 are vulnerable. Any application that imports python-ecdsa and processes user-supplied DER private keys is subject to the flaw.

Risk and Exploitability

Risk is moderate, with a CVSS score of 5.3 and an EPSS score below 1%, and the flaw is not listed in KEV. The issue can be exploited by supplying a malformed DER private key; no authentication is required beyond the ability to provide that data to an application that uses python-ecdsa. The attack vector is likely remote if the application exposes an API that accepts DER keys, or local if any user can trigger the parsing. An attacker can cause an application to crash, resulting in denial of service if the host does not recover.

Generated by OpenCVE AI on April 2, 2026 at 04:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade python-ecdsa to version 0.19.2 or newer.
  • Ensure that any code parsing DER private keys includes comprehensive exception handling to capture unexpected IndexError, not just specific ExpectedDER or ValueError exclusions.
  • Perform strict length validation of incoming DER data before passing it to the ecdsa library.

Generated by OpenCVE AI on April 2, 2026 at 04:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9f5j-8jwj-x28g python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tlsfuzzer:ecdsa:*:*:*:*:*:python:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Tlsfuzzer
Tlsfuzzer ecdsa
Vendors & Products Tlsfuzzer
Tlsfuzzer ecdsa

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.
Title python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Weaknesses CWE-130
CWE-20
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Tlsfuzzer Ecdsa
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T13:44:46.297Z

Reserved: 2026-03-24T19:50:52.103Z

Link: CVE-2026-33936

cve-icon Vulnrichment

Updated: 2026-04-01T13:44:42.315Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T23:17:13.733

Modified: 2026-04-01T13:23:21.680

Link: CVE-2026-33936

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-27T22:08:22Z

Links: CVE-2026-33936 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:55:17Z

Weaknesses