CVE-2022-44310

HIGH

IL ecdh <0.2.0 - Info Disclosure

Description

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Scores

CVSS v3 7.5
EPSS 0.0025
EPSS Percentile 48.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-668
Status published

Affected Products (2)

ecdh_project/ecdh < 0.2.0
npm/ecdh < 0.2.0

Timeline

Published Feb 24, 2023
Tracked Since Feb 18, 2026