CVE-2022-39830

signpFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of ECKEYsetpublickeyaffinecoordinates, leading to a denial of service...

DEBIAN-CVE-2020-11735

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...

UBUNTU-CVE-2020-11735

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."...

PT-2020-12433

Name of the Vulnerable Software and Affected Versions Arm Mbed TLS versions 2.16.6 and earlier Arm Mbed TLS versions 2.7.x through 2.7.14 Description An issue was discovered in Arm Mbed TLS where an attacker can recover the long-term ECDSA private key by exploiting side channels in the conversion...

CVE-2017-7781/CVE-2017-10176: Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java

tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINTATINFINITY when it should not. Introduction Few months ago I was working on a vulnerability affecting th...

CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...

Security vulnerabilities fixed in Firefox 55 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...