Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23004

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.

Published

2022-07-29T19:15:08.417

Last Modified

2024-11-21T06:47:47.213

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-703
CWE-707
Type: Primary
CWE-682

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	westerndigital	sweet_b	1	Yes

References

https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities Product, Vendor Advisory ([email protected])
https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)