The python-ecdsa package is a pure Python implementation of elliptic curve cryptography algorithms including ECDSA, EdDSA, and ECDH. Prior to version 0.19.2, a vulnerability exists in the low-level DER parsing routines, specifically in the function ecdsa.der.remove_octet_string(). This function improperly handles DER-encoded OCTET STRINGs where the declared length field exceeds the actual data length available. For example, if an OCTET STRING declares a length of 4096 bytes but only 3 bytes are provided, the parser incorrectly accepts the input instead of rejecting it as malformed. When such crafted DER data is processed by SigningKey.from_der(), it triggers an internal exception (IndexError: index out of bounds on dimension 1) rather than a controlled error like UnexpectedDER or ValueError. This improper input validation (CWE-20) and buffer length mismanagement (CWE-130) can cause applications that parse untrusted DER private keys to crash unexpectedly. Since the exception is not gracefully handled by the library, this leads to a denial of service condition. The vulnerability has a CVSS 3.1 base score of 5.3 (medium severity), with network attack vector, low attack complexity, no privileges required, and no user interaction needed. No known exploits are currently reported in the wild. The issue is fixed in python-ecdsa version 0.19.2, which properly validates DER lengths and rejects malformed inputs cleanly.

This vulnerability primarily impacts the availability of applications relying on python-ecdsa to parse DER-encoded private keys, especially when processing untrusted or attacker-controlled inputs. An attacker can cause denial of service by supplying malformed DER data that triggers unhandled exceptions and crashes the application. While confidentiality and integrity are not directly affected, the disruption of cryptographic operations can impact services relying on digital signatures or key exchanges, potentially halting secure communications or authentication processes. Systems that do not implement robust exception handling around the python-ecdsa library are particularly vulnerable. This can affect servers, cryptographic tools, or any software components that accept DER-encoded keys from external sources. Given the network attack vector and no requirement for authentication, the vulnerability could be exploited remotely, increasing the risk of widespread service interruptions.

The primary mitigation is to upgrade the python-ecdsa package to version 0.19.2 or later, where the DER parsing functions properly validate input lengths and reject malformed data. Additionally, developers should implement robust exception handling around calls to SigningKey.from_der() and other DER parsing functions to gracefully handle unexpected errors without crashing the application. Input validation should be enforced at higher layers to reject suspicious or malformed DER inputs before they reach the cryptographic library. For critical systems, consider implementing runtime monitoring to detect abnormal crashes or exceptions related to cryptographic operations. If upgrading immediately is not feasible, applying patches or backporting the fix to the affected versions is recommended. Finally, restrict exposure of services that accept DER-encoded keys from untrusted sources and apply network-level protections such as rate limiting and input filtering to reduce attack surface.