CVE-2022-44310

Published: Feb 24, 2023Modified: Mar 12, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Affected (1)

Products: Ecdh Project: Ecdh

Ecdh Project

1 product

Ecdh

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ecdh Project Ecdh	Before 0.2.0

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://github.com/developmentil/ecdh/issues/3

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/developmentil/ecdh/issues/3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.