First published: Fri Jul 29 2022(Updated: )
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital Sweet B | =1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23001 is a vulnerability that occurs when compressing or decompressing elliptic curve points using the Sweet B library, where an incorrect choice of sign bit is used.
The severity of CVE-2022-23001 is medium, with a severity value of 5.3.
An attacker with user level privileges and knowledge of the public key and the library can exploit CVE-2022-23001.
The Sweet B library version 1 by Western Digital is affected by CVE-2022-23001.
To fix CVE-2022-23001, it is recommended to update to a patched version of the Sweet B library provided by Western Digital.