CVE-2022-23001

Name of the Vulnerable Software and Affected Versions Sweet B library (affected versions not specified)

Description The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can exploit this by knowing the public key and the library, potentially causing errors in other operations, such as signature verification under a decompressed public key. This could lead to a limited denial of service for an individual user in applications that use the library.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.