Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero
Vulnerability Description
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对异常条件检查或处理不恰当
Vulnerability Title
Western Digital Sweet B 安全漏洞
Vulnerability Description
Western Digital Sweet B是美国Western Digital公司的一个使用 NIST P-256 和 SECG secp256k1 曲线实现公钥椭圆曲线加密 (ECC) 的库。 Western Digital Sweet B library存在安全漏洞,攻击者利用该漏洞可使用该库在应用程序中造成错误场景或错误选择会话密钥,从而导致对单个用户的有限拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A