
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-24884 affects ecdsautils, a tiny collection of programs used for ECDSA (keygen, sign, verify). The vulnerability was discovered and disclosed in May 2022, impacting all versions of ecdsautils prior to 0.4.1. The issue affects both the ecdsautil verify CLI command and the libecdsautil library (GitHub Advisory).
The vulnerability stems from the ecdsa_verify_[prepare_]legacy() function not checking whether the signature values r and s are non-zero. Because of this implementation flaw, a signature consisting only of zeroes is always considered valid. The issue is particularly severe because requiring multiple signatures from different public keys does not mitigate the problem: ecdsa_verify_list_legacy() will accept an arbitrary number of such forged signatures. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) by NIST and 10.0 (Critical) by GitHub (NVD).
The vulnerability allows attackers to bypass signature verification by using forged signatures consisting of zero values. This completely undermines the cryptographic security of the signature verification process, making it trivial to forge valid signatures (GitHub Advisory).
The vulnerability has been fixed in ecdsautils version 0.4.1. The fix implements proper verification of signature values by checking that both r and s values are non-zero. Users are strongly recommended to upgrade to version 0.4.1 or later. The fix is API and ABI compatible with version 0.4.0 (GitHub Advisory).
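To make the flaw and the fix concrete, here is an added Python model; it is not ecdsautils code. It places a verifier that omits the r, s != 0 check beside one that applies the check the 0.4.1 fix describes, and adds a list verifier in the spirit of ecdsa_verify_list_legacy(). It assumes secp256k1 parameters purely for illustration (the curve choice is mine and has no bearing on the flaw), and it models two behaviours that are assumptions about the legacy code path rather than facts stated in the advisory: a Fermat-style modular inverse that maps 0 to 0, and a projective-to-affine conversion that yields x = 0 for the point at infinity. Under those assumptions the all-zero signature verifies for every key, which is the behaviour the advisory describes.

```python
"""Model of the CVE-2022-24884 all-zero-signature flaw and its fix.

Added example, not ecdsautils code. secp256k1 parameters are used for
illustration only (assumption); the flaw lives in the verifier's missing
range check, not in the curve.
"""
import hashlib
import secrets

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def _add(a, b):
    """Affine point addition/doubling on y^2 = x^3 + 7 over F_P."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication; k = 0 yields INF."""
    result = INF
    while k:
        if k & 1:
            result = _add(result, pt)
        pt = _add(pt, pt)
        k >>= 1
    return result


def _hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def sign(d, msg):
    z = _hash_to_int(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r, s


def _inv_mod_n_legacy(x):
    """Fermat inverse, as constant-time code commonly does it. It maps
    0 -> 0 instead of failing (modelling assumption for the legacy path)."""
    return pow(x, N - 2, N)


def _affine_x_unchecked(pt):
    """Model of a projective->affine conversion that never tests for the
    identity: X * inv(Z) with inv(0) = 0 gives x = 0 for INF (assumption)."""
    return 0 if pt is INF else pt[0]


def verify_legacy(pub, msg, sig):
    """Verifier WITHOUT the r, s != 0 check: the CVE-2022-24884 pattern."""
    r, s = sig
    z = _hash_to_int(msg)
    w = _inv_mod_n_legacy(s)              # s = 0 -> w = 0
    R = _add(_mul(z * w % N, G), _mul(r * w % N, pub))   # -> INF
    return _affine_x_unchecked(R) % N == r                # 0 == 0 passes


def verify_fixed(pub, msg, sig):
    """Verifier WITH the check the 0.4.1 fix describes (r, s non-zero),
    plus the standard ECDSA upper bound r, s < N."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = _hash_to_int(msg)
    w = pow(s, -1, N)
    R = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return R is not INF and R[0] % N == r


def verify_list(verify, pubs, msg, sigs):
    """Require one valid signature per public key (in the spirit of
    ecdsa_verify_list_legacy; the structure here is an assumption)."""
    return len(pubs) == len(sigs) and all(verify(p, msg, s) for p, s in zip(pubs, sigs))


def demo():
    """Constructed sample: three keys, genuine signatures vs. all-zero ones."""
    msg = b"constructed sample message"
    keys = [keygen() for _ in range(3)]
    pubs = [q for _, q in keys]
    genuine = [sign(d, msg) for d, _ in keys]
    forged = [(0, 0)] * len(pubs)
    return {
        "genuine_legacy": verify_list(verify_legacy, pubs, msg, genuine),
        "genuine_fixed": verify_list(verify_fixed, pubs, msg, genuine),
        "forged_legacy": verify_list(verify_legacy, pubs, msg, forged),
        "forged_fixed": verify_list(verify_fixed, pubs, msg, forged),
    }


if __name__ == "__main__":
    print(demo())
```

demo() accepts the genuine signatures under both verifiers, accepts the all-zero signatures for all three keys under the legacy verifier, and rejects them under the fixed one; adding more keys to the list changes nothing for the legacy path, which is the point the advisory makes about multi-signature requirements. The fixed verifier also bounds r and s below the group order, a standard ECDSA range check that goes slightly beyond the non-zero test the advisory text names.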
Multiple Linux distributions responded to this vulnerability by releasing security updates, including Debian (DSA-5132-1) and Fedora (versions 34, 35, and 36). The vulnerability was considered significant enough to warrant immediate security advisories from these major distributions (Debian Security, Fedora Update).
Source: This report was generated using AI