Home > Vulnerability Database > CVE-2024-26317

Mend.io Vulnerability Database

CVE-2024-26317

Date: January 26, 2025

In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.

Severity Score

6.1

Related Resources (5)

Url: https://drive.google.com/file/d/1aGLAFz20-fc7ZLiWouegyK_65jCkGTDb/view?usp=sharing

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26317

Url: https://github.com/illumos/illumos-gate

Url: https://rashidkhanpathan.github.io/posts/CVE-2024-26317-Elliptic-curve-point-addition-error/

Url: https://www.mend.io/vulnerability-database/CVE-2024-26317

Severity Score

6.1

Weakness Type (CWE)

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26317

Date: January 26, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?