Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.8 views

CVE-2022-23003

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...

5.3CVSS6.9AI score0.00615EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/01/22 9:35 p.m.114 views

Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

7.4CVSS6.8AI score0.00977EPSS
Exploits1References6Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-8803

The ecc256modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

9.8CVSS7.3AI score0.04212EPSS
Exploits0References5
NVD
NVD
added 2022/07/29 7:15 p.m.16 views

CVE-2022-23003

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...

5.3CVSS0.00615EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/29 6:55 p.m.32 views

CVE-2022-23004 Algorithm incorrectly returning error and Invalid unreduced value written to output buffer

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario,...

5.3CVSS5.6AI score0.00615EPSS
Exploits0References1
CVE
CVE
added 2022/07/29 6:55 p.m.63 views

CVE-2022-23004

CVE-2022-23004 affects the Western Digital Sweet B library (ECC on NIST P-256). When performing a shared secret calculation or point multiplication with a public key whose X coordinate is zero, the library returns an error and writes an invalid unreduced value to the output buffer, potentially al...

5.3CVSS5.3AI score0.00615EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/29 12:0 a.m.3 views

PT-2022-15772 · Western Digital +1 · Sweet B Library +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when computing a shared secret or point multiplication on the NIST P-256 curve, resulting in an X coordinate of zero. The output is not...

5.3CVSS5.2AI score0.00615EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/29 12:0 a.m.9 views

PT-2022-15773 · Western Digital +1 · Sweet B Library +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned fro...

5.3CVSS5.2AI score0.00615EPSS
Exploits0References5
NVD
NVD
added 2020/06/02 9:15 p.m.24 views

CVE-2020-12607

An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a...

7.5CVSS7.4AI score0.01268EPSS
Exploits1References4
Into the symmetry
Into the symmetry
added 2017/08/09 11:59 a.m.273 views

CVE-2017-7781/CVE-2017-10176: Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java

tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINTATINFINITY when it should not. Introduction Few months ago I was working on a vulnerability affecting th...

7.5CVSS7.7AI score0.05034EPSS
Exploits1
OSV
OSV
added 2015/12/31 12:0 a.m.4 views

UBUNTU-CVE-2015-8805

The ecc256modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

9.8CVSS7.2AI score0.02791EPSS
Exploits0References6
Rows per page
Query Builder