11 matches found
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...
SUSE CVE-2015-8803
The ecc256modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
CVE-2022-23004 Algorithm incorrectly returning error and Invalid unreduced value written to output buffer
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario,...
CVE-2022-23004
CVE-2022-23004 affects the Western Digital Sweet B library (ECC on NIST P-256). When performing a shared secret calculation or point multiplication with a public key whose X coordinate is zero, the library returns an error and writes an invalid unreduced value to the output buffer, potentially al...
PT-2022-15772 · Western Digital +1 · Sweet B Library +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when computing a shared secret or point multiplication on the NIST P-256 curve, resulting in an X coordinate of zero. The output is not...
PT-2022-15773 · Western Digital +1 · Sweet B Library +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned fro...
CVE-2020-12607
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...
CVE-2017-7781/CVE-2017-10176: Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java
tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINTATINFINITY when it should not. Introduction Few months ago I was working on a vulnerability affecting th...
UBUNTU-CVE-2015-8805
The ecc256modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...