CVE-2021-43393

Published: Mar 4, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://community.st.com/s/toparticles

x_refsource_MISC

https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-169/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-43393

Description

Affected Products

References