When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities | Product Vendor Advisory |
https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities | Product Vendor Advisory |
Configurations
History
21 Nov 2024, 06:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities - Product, Vendor Advisory |
05 Aug 2022, 18:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-22013-sweet-b-incorrect-output-vulnerabilities - Product, Vendor Advisory | |
CWE | CWE-682 | |
CPE | cpe:2.3:a:westerndigital:sweet_b:1:*:*:*:*:*:*:* |
29 Jul 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-29 19:15
Updated : 2024-11-21 06:47
NVD link : CVE-2022-23004
Mitre link : CVE-2022-23004
CVE.ORG link : CVE-2022-23004
JSON object : View
Products Affected
westerndigital
- sweet_b