7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.
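The missing check the advisory describes is point-on-curve validation of the peer's public key before it is used in scalar multiplication. The following is an added example, not code from the sjcl project or from the referenced gist: it validates an uncompressed SEC1 point against the NIST P-256 curve equation and refuses to hand an off-curve point to ECDH. It assumes the application uses P-256 and that the peer key arrives as an `04 || X || Y` hex string; the same check applies unchanged to any other short-Weierstrass curve once its parameters are substituted.

```javascript
// Added example (not part of sjcl): reject off-curve ECDH peer keys before
// any scalar multiplication takes place. NIST P-256 parameters (assumption:
// the application negotiates P-256).
const P256 = {
  p: 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn,
  a: 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffcn, // p - 3
  b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn,
  gx: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  gy: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};

// Non-negative modular reduction for BigInt.
function mod(n, m) { const r = n % m; return r < 0n ? r + m : r; }

// True iff (x, y) is an affine point on y^2 = x^3 + a*x + b over GF(p) with
// both coordinates in canonical range [0, p). The point at infinity has no
// affine encoding, so it is rejected implicitly.
function isOnCurve(x, y, curve = P256) {
  if (typeof x !== 'bigint' || typeof y !== 'bigint') return false;
  if (x < 0n || x >= curve.p || y < 0n || y >= curve.p) return false;
  const lhs = mod(y * y, curve.p);
  const rhs = mod(x * x * x + curve.a * x + curve.b, curve.p);
  return lhs === rhs;
}

// Parses an uncompressed SEC1 point (0x04 || X || Y, hex) and validates it.
// Throws on malformed or off-curve input so the caller cannot feed an
// invalid point into the shared-secret computation.
function parseAndValidatePublicKey(hex, curve = P256) {
  const clean = hex.replace(/^0x/, '').toLowerCase();
  const coordLen = 64; // 32 bytes per coordinate for P-256
  if (clean.length !== 2 + 2 * coordLen || !clean.startsWith('04')) {
    throw new Error('public key must be an uncompressed SEC1 point');
  }
  if (!/^[0-9a-f]+$/.test(clean)) throw new Error('non-hex public key');
  const x = BigInt('0x' + clean.slice(2, 2 + coordLen));
  const y = BigInt('0x' + clean.slice(2 + coordLen));
  if (!isOnCurve(x, y, curve)) {
    throw new Error('public key is not on the curve; refusing ECDH');
  }
  return { x, y };
}

// Constructed sample inputs (not taken from the advisory): the P-256
// generator as an uncompressed point, and the same encoding with the low
// bit of Y flipped so the point no longer satisfies the curve equation.
function hex64(n) { return n.toString(16).padStart(64, '0'); }
const VALID_KEY = '04' + hex64(P256.gx) + hex64(P256.gy);
const OFF_CURVE_KEY = '04' + hex64(P256.gx) + hex64(P256.gy ^ 1n);

// Runs both inputs through the validator and reports the outcome.
function demo() {
  const ok = parseAndValidatePublicKey(VALID_KEY);
  let rejected = false;
  try { parseAndValidatePublicKey(OFF_CURVE_KEY); } catch (e) { rejected = true; }
  return { accepted: ok.x === P256.gx && ok.y === P256.gy, rejected };
}
```

Note that hashing the raw x-coordinate returned by `dhJavaEc()` would only remove the plaintext oracle the advisory mentions; it does not by itself prevent an invalid-curve attack. Rejecting off-curve points before the scalar multiplication, as above, is the check that closes the issue, and it is cheap enough to run on every received key.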
References
- https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617
- https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47
- https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js#L454-L461
- https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331ff…
- https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47 (exploit)
- https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617 (exploit)
Affected products
- *
Matching in nixpkgs
- pkgs.python312Packages.sjcl: Decrypt and encrypt messages compatible with the "Stanford Javascript Crypto Library (SJCL)" message format
- pkgs.python313Packages.sjcl: Decrypt and encrypt messages compatible with the "Stanford Javascript Crypto Library (SJCL)" message format
- pkgs.python314Packages.sjcl: Decrypt and encrypt messages compatible with the "Stanford Javascript Crypto Library (SJCL)" message format
Package maintainers
- @binsky08 Timo Triebensky <timo@binsky.org>