5.9
CVE-2017-7781
- EPSS 2.76%
- Veröffentlicht 11.06.2018 21:29:08
- Zuletzt bearbeitet 21.11.2024 03:32:38
- CVE-Watchlists
- Unerledigt
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.76% | 0.843 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://www.securitytracker.com/id/1039124
https://www.mozilla.org/security/advisories/mfsa2017-18/
http://www.securityfocus.com/bid/100383
https://bugzilla.mozilla.org/show_bug.cgi?id=1352039