CVE-2022-44310

Exposure of Resource to Wrong Sphere in npm/ecdh

Identifiers

CVE-2022-44310

Package Slug

npm/ecdh

Vulnerability

Exposure of Resource to Wrong Sphere

Description

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
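The check whose absence the description refers to, as an added example (not code from the ecdh package): a received public key is accepted only if its coordinates satisfy the curve equation. The curve (NIST P-256), the uncompressed hex encoding, and the names `parseUncompressedPoint` and `isValidPublicKey` are assumptions made for illustration.

```javascript
// Added example, not the package's own code. Assumed curve: NIST P-256,
// y^2 = x^3 + ax + b (mod p), with a = p - 3. Cofactor is 1, so an
// on-curve, in-range affine point is a valid public key.
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const A = P - 3n;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;

const mod = (v) => ((v % P) + P) % P;

// Hypothetical helper: parse "04 || X || Y" (uncompressed, hex-encoded).
// Returns null for any other length, prefix or character set.
function parseUncompressedPoint(hex) {
  if (typeof hex !== 'string' || !/^04[0-9a-fA-F]{128}$/.test(hex)) return null;
  return {
    x: BigInt('0x' + hex.slice(2, 66)),
    y: BigInt('0x' + hex.slice(66, 130)),
  };
}

// Hypothetical validator: run this before the peer's key is used in
// any scalar multiplication, and reject the exchange if it returns false.
function isValidPublicKey(hex) {
  const pt = parseUncompressedPoint(hex);
  if (pt === null) return false;
  const { x, y } = pt;
  // Coordinates must be reduced field elements.
  if (x >= P || y >= P) return false;
  // The point must satisfy the curve equation.
  return mod(y * y) === mod(x * x * x + A * x + B);
}

// Constructed sample inputs: the P-256 base point, and the same point
// with its last hex digit changed so it no longer lies on the curve.
const G_HEX = '04' +
  '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' +
  '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5';
const OFF_CURVE_HEX = G_HEX.slice(0, -1) + '6';

console.log(isValidPublicKey(G_HEX), isValidPublicKey(OFF_CURVE_HEX));
```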

Affected Versions

All versions before 0.2.0

Solution

Upgrade to version 0.2.0 or above.

Last Modified

2023-03-07
