Incorrect Calculation

CVE-2023-24533

High

7.5/10

Summary

In filippo.io/nistec prior to v0.0.2, multiplication of certain unreduced "P-256" scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-682 - Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Mar 08, 2023

Incorrect Calculation

CVE-2023-24533

Summary

CWE-682 - Incorrect Calculation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS