cve/CVE-2022-23003.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

POC

Reference

https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2022-23003

Description

POC

Reference

Github

1.1 KiB

Raw Blame History