CVE-2022-23001— Sweet-B Library: Point compress/decompress using the wrong bit for sign
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-23001
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sweet-B Library: Point compress/decompress using the wrong bit for sign
Source: NVD (National Vulnerability Database)
Vulnerability Description
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
数值计算不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Western Digital Sweet B 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Western Digital Sweet B是美国Western Digital公司的一个使用 NIST P-256 和 SECG secp256k1 曲线实现公钥椭圆曲线加密 (ECC) 的库。 Western Digital Sweet B library存在安全漏洞,该漏洞源于压缩或解压缩椭圆曲线点时,使用了错误的符号位选择。具有用户级别特权且没有其他用户帮助的攻击者可以在只知道公钥和库的情况下利用此漏洞。攻击者可能利用该漏洞在使用该库的应用程序中造成错误场景,从而对单个用户造成有限的拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Western Digital | Sweet B Library | Sweet B Library ~ v2 | - |
II. Public POCs for CVE-2022-23001
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-23001
请登录查看更多情报信息。
Same Patch Batch · Western Digital · 2022-07-29 · 4 CVEs total
| CVE-2022-23002 | 5.3 MEDIUM | Point Compression/Decompression of NIST P-256 points with X coordinate of zero |
| CVE-2022-23003 | 5.3 MEDIUM | Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero |
| CVE-2022-23004 | 5.3 MEDIUM | Algorithm incorrectly returning error and Invalid unreduced value written to output buffer |
IV. Related Vulnerabilities
Same vendor: Western Digital
Same weakness: CWE-682
- CVE-2026-44498
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops - CVE-2026-1229
Incorrect calculation in CIRCL secp384r1 CombinedMult - CVE-2026-24783
soroban-fixed-point-math has Incorrect Rounding and Overflow - CVE-2026-21911
Junos OS Evolved: Flapping management interface causes MAC l - CVE-2025-59047
matrix-sdk-base has panic in the `RoomMember::normalized_pow
V. Comments for CVE-2022-23001
No comments yet