12 matches found
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
EUVD-2022-28112
Malicious code in bioql PyPI...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
Code injection
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
CVE-2022-23001
The CVE-2022-23001 entry concerns the Western Digital Sweet B library, which implements public-key elliptic-curve cryptography (NIST P-256 and SECG secp256k1). The vulnerability stems from selecting the wrong sign bit during compression or decompression of elliptic-curve points. An attacker with ...
CVE-2022-23001 Sweet-B Library: Point compress/decompress using the wrong bit for sign
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
Western Digital Sweet B 安全漏洞
Western Digital Sweet B is a library from Western Digital, Inc. that implements public key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library that arises from the use of incorrect sign bit selection wh...
Western Digital Sweet B 安全漏洞
Western Digital Sweet B is a library from Western Digital, Inc. that implements public-key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which could be exploited by an attacker to cause a limited...
Western Digital Sweet B 安全漏洞
Western Digital Sweet B is a library from Western Digital, Inc. that implements public key elliptic curve cryptography ECC using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library, which can be exploited by an attacker to cause a limited...
PT-2022-15770 · Unknown · Sweet B Library
Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...