CVE-2022-39830

signpFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of ECKEYsetpublickeyaffinecoordinates, leading to a denial of service...

DEBIAN-CVE-2020-11735

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...

UBUNTU-CVE-2020-11735

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...

PT-2020-12433 · Arm +3 · Arm Mbed Tls +3

Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions 2.16.6 and earlier Arm Mbed TLS versions 2.7.x through 2.7.14 Description: An issue was discovered in Arm Mbed TLS where an attacker can recover the long-term ECDSA private key by exploiting side channels in the conversi...

CVE-2017-7781/CVE-2017-10176: Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java

tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINTATINFINITY when it should not. Introduction Few months ago I was working on a vulnerability affecting th...

CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...

Security vulnerabilities fixed in Firefox 55 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...