We found results for “”
CVE-2022-44310
Good to know:
Date: February 24, 2023
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Exposure of Resource to Wrong Sphere
CWE-668Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |