CVE-2022-44310

Name of the Vulnerable Software and Affected Versions In Development IL ecdh versions prior to 0.2.0

Description An attacker can send an invalid point, not on the curve, as the public key and obtain the derived shared secret. This issue allows an attacker to potentially exploit the system by manipulating the public key exchange process.

Recommendations For versions prior to 0.2.0, update to version 0.2.0 or later to resolve the issue. As a temporary workaround, consider implementing additional validation on public keys to ensure they are valid points on the curve before deriving the shared secret.