CVE-2022-23001 – When compressing or decompressing elliptic curve points using the Sweet B library, an inco …

29 July 2022

Vuln ID: CVE-2022-23001

Published: 2022-07-29 19:15:08Z

Description: When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

Source: NVD.NIST.GOV

Date:

29 July 2022

Categorie(s):

NVD

Tag(s):

NVD

Sorenson Capital leads $7.95M seed investment in cyberthreat intelligence provider VulnCheck19 April 2024
How AI Enhances Cybersecurity: Expert Insights from Khurram Mir of Kualitatem19 April 2024
LastPass users targeted by vishing attackers19 April 2024
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor19 April 2024
6 Surprising Ways Hackers Can Exploit Your Smart Home Devices19 April 2024