CVE-2022-23002

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue occurs when compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero. The resulting output is not properly reduced modulo the P-256 field prime and is invalid. This may cause an error when used in other operations, potentially allowing an attacker to leverage it for a limited denial of service attack against an individual user. The impact is limited to applications using the affected library and cannot extend to other components.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.