CVE-2024-26317

Name of the Vulnerable Software and Affected Versions: illumos illumos-gate (affected versions not specified)

Description: An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT AT INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in the attacked party computing an incorrect shared secret.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.