CVE-2026-33936 Overview
CVE-2026-33936 is an input validation vulnerability in the ecdsa PyPI package, a pure Python implementation of Elliptic Curve Cryptography (ECC) supporting ECDSA, EdDSA, and ECDH. The vulnerability exists in the low-level DER (Distinguished Encoding Rules) parsing functions, specifically in the ecdsa.der.remove_octet_string() function, which incorrectly accepts truncated DER data where the encoded length exceeds the available buffer.
When processing malformed DER input, the SigningKey.from_der() function raises an internal IndexError exception rather than properly rejecting the invalid data with an expected UnexpectedDER or ValueError exception. This improper error handling can cause applications that parse untrusted DER private keys to crash, resulting in a denial of service condition.
Critical Impact
Applications processing untrusted DER-encoded private keys may crash unexpectedly when encountering crafted malicious input, causing denial of service for cryptographic operations.
Affected Products
- tlsfuzzer ecdsa versions prior to 0.19.2
- Python applications using the ecdsa package for DER parsing operations
- Systems processing untrusted ECDSA/EdDSA private keys in DER format
Discovery Timeline
- 2026-03-27 - CVE CVE-2026-33936 published to NVD
- 2026-04-01 - Last updated in NVD database
Technical Details for CVE-2026-33936
Vulnerability Analysis
This vulnerability stems from insufficient validation of the length field in DER-encoded data structures. In DER encoding, data elements include a tag, length, and value structure. The remove_octet_string() function parses OCTET STRING elements but fails to verify that the declared length does not exceed the actual buffer size before processing.
For example, a maliciously crafted OCTET STRING that declares a length of 4096 bytes but only provides 3 bytes of data passes validation when it should be rejected. When subsequent parsing operations attempt to access indices beyond the actual buffer boundaries, Python raises an IndexError with the message "index out of bounds on dimension 1" instead of the library raising a proper cryptographic parsing exception.
The vulnerability is exploitable remotely without authentication, though the impact is limited to availability as it cannot lead to data exfiltration or code execution.
Root Cause
The root cause is improper input validation (CWE-20) in the DER parsing logic. The remove_octet_string() function and related parsing routines read the length field from the DER structure and proceed to parse the body without first confirming that sufficient data exists in the input buffer to satisfy the declared length. This creates a buffer over-read condition that manifests as an unhandled IndexError exception.
Attack Vector
An attacker can exploit this vulnerability by providing a crafted DER-encoded private key to any application that uses the ecdsa library's SigningKey.from_der() function to parse untrusted input. The attack requires:
- The target application must accept DER-encoded private key data from an untrusted source
- The application must not have exception handling around the parsing operation that catches generic IndexError exceptions
- The attacker crafts a DER structure with a length field that exceeds the actual data provided
# Security patch in src/ecdsa/der.py
# Source: https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3
)
tag = s0 & 0x1F
length, llen = read_length(string[1:])
+ if length > len(string) - 1 - llen:
+ raise UnexpectedDER("Length longer than the provided buffer")
body = string[1 + llen : 1 + llen + length]
rest = string[1 + llen + length :]
return tag, body, rest
The patch adds an explicit length validation check before attempting to extract the body and rest of the DER structure, raising a proper UnexpectedDER exception when the declared length exceeds available data.
Detection Methods for CVE-2026-33936
Indicators of Compromise
- Application crashes with IndexError: index out of bounds on dimension 1 exceptions originating from the ecdsa library
- Unexpected service restarts or process terminations in applications handling DER-encoded key material
- Log entries showing failed private key parsing operations with unusual error messages
Detection Strategies
- Monitor application logs for IndexError exceptions traced to ecdsa.der module functions
- Implement dependency scanning to identify installations of ecdsa package versions prior to 0.19.2
- Use software composition analysis (SCA) tools to flag vulnerable package versions in CI/CD pipelines
- Review exception handling patterns in code that processes untrusted DER input
Monitoring Recommendations
- Configure alerting for application crashes related to cryptographic parsing operations
- Monitor for repeated parsing failures from the same source which may indicate exploitation attempts
- Track ecdsa package versions across the environment using dependency management tools
- Implement rate limiting on endpoints that accept DER-encoded key material
How to Mitigate CVE-2026-33936
Immediate Actions Required
- Upgrade the ecdsa package to version 0.19.2 or later using pip install --upgrade ecdsa>=0.19.2
- Audit applications to identify all locations where SigningKey.from_der() or related DER parsing functions are called
- Add exception handling around DER parsing operations to catch both expected (UnexpectedDER, ValueError) and unexpected (IndexError) exceptions
- Restrict acceptance of DER-encoded keys from untrusted sources where possible
Patch Information
The vulnerability is patched in version 0.19.2 of the ecdsa package. The fix adds explicit length validation in the DER parsing functions to ensure that declared lengths do not exceed available buffer sizes before attempting to parse data.
For detailed patch information, see the GitHub Security Advisory GHSA-9f5j-8jwj-x28g and the GitHub Commit Changes.
Workarounds
- Wrap all calls to SigningKey.from_der() in try-except blocks that handle IndexError in addition to the expected UnexpectedDER exception
- Validate DER input length boundaries before passing data to the ecdsa library
- Implement input sanitization to reject obviously malformed DER structures before parsing
- Consider using alternative cryptographic libraries with more robust DER validation if immediate patching is not feasible
# Configuration example - Upgrade ecdsa package
pip install --upgrade ecdsa>=0.19.2
# Verify installed version
pip show ecdsa | grep Version
# Check for vulnerable versions in requirements
pip list --outdated | grep ecdsa
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
