Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
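The check a receiver needs before deriving a secret from a peer-supplied key, as an added example (not code from the ecdh package): it parses an uncompressed SEC1 point and rejects anything that fails the range or curve-equation test. The curve (secp256k1), the helper names and the sample inputs are assumptions made for illustration.

```javascript
'use strict';

// secp256k1 domain parameters (curve choice is an assumption for this example):
// y^2 = x^3 + A*x + B over the prime field of order P.
const P = 2n ** 256n - 2n ** 32n - 977n;
const A = 0n;
const B = 7n;

// Constructed sample input: the secp256k1 base point G, uncompressed SEC1 form
// (0x04 || X || Y, 32 bytes per coordinate).
const G_HEX =
  '04' +
  '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798' +
  '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8';

// Reduce into [0, P).
const mod = (n) => ((n % P) + P) % P;

// Hypothetical helper: true only for a well-formed point that lies on the curve.
// secp256k1 has cofactor 1, so an on-curve, non-infinity point is in the right group;
// curves with a larger cofactor need an additional subgroup check.
function isValidPublicKey(hex) {
  // Exactly 65 bytes with the uncompressed prefix. This also rejects the
  // point at infinity, which SEC1 encodes as the single byte 0x00.
  if (typeof hex !== 'string' || !/^04[0-9a-fA-F]{128}$/.test(hex)) return false;
  const x = BigInt('0x' + hex.slice(2, 66));
  const y = BigInt('0x' + hex.slice(66, 130));
  // Coordinates must be canonical field elements.
  if (x >= P || y >= P) return false;
  // The step missing in an invalid-point scenario: the curve equation itself.
  return mod(y * y) === mod(x * x * x + A * x + B);
}

// Constructed invalid input: G with the low bit of y flipped, so the
// coordinates are in range but the point is no longer on the curve.
function offCurveSample() {
  const y = BigInt('0x' + G_HEX.slice(66)) ^ 1n;
  return G_HEX.slice(0, 66) + y.toString(16).padStart(64, '0');
}

console.log('G accepted:', isValidPublicKey(G_HEX));
console.log('off-curve point accepted:', isValidPublicKey(offCurveSample()));
```

A receiver would run this check on every peer key and abort the exchange on failure, before any scalar multiplication with its private key.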
Remediation
References
https://github.com/developmentil/ecdh/issues/3