CVE-2022-23002— Point Compression/Decompression of NIST P-256 points with X coordinate of zero
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-23002
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Point Compression/Decompression of NIST P-256 points with X coordinate of zero
Source: NVD (National Vulnerability Database)
Vulnerability Description
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对异常条件检查或处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Western Digital Sweet B 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Western Digital Sweet B是美国Western Digital公司的一个使用 NIST P-256 和 SECG secp256k1 曲线实现公钥椭圆曲线加密 (ECC) 的库。 Western Digital Sweet B library存在安全漏洞,攻击者利用该漏洞在使用该库的应用程序中造成错误场景,从而对单个用户造成有限的拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Western Digital | Sweet B Library | Sweet B Library ~ v2 | - |
II. Public POCs for CVE-2022-23002
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-23002
请登录查看更多情报信息。
Same Patch Batch · Western Digital · 2022-07-29 · 4 CVEs total
| CVE-2022-23001 | 5.3 MEDIUM | Sweet-B Library: Point compress/decompress using the wrong bit for sign |
| CVE-2022-23003 | 5.3 MEDIUM | Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero |
| CVE-2022-23004 | 5.3 MEDIUM | Algorithm incorrectly returning error and Invalid unreduced value written to output buffer |
IV. Related Vulnerabilities
Same vendor: Western Digital
Same weakness: CWE-703
- CVE-2026-34388
Fleet vulnerable to Denial of Service via unhandled gRPC log - CVE-2025-59787
HTTP 5XX Internal Server Errors - CVE-2026-28407
malcontent's nested archive extraction failure can drop cont - CVE-2026-1996
Certain HP OfficeJet Pro Printers – Denial of Service - CVE-2025-68135
EVerest's inadequate exception handling leads to denial of s
V. Comments for CVE-2022-23002
No comments yet