CVE-2024-26317

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-327
View all →

Vulnerability Description

In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.

Related Vulnerabilities

CVE-2025-26486

MEDIUM
CVSS:6.0(Medium)

Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerability in Beta80 L...

CWE-3272025

CVE-2019-9095

MEDIUM
CVSS:6.2(Medium)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to i...

CWE-3272019

CVE-2011-2487

MEDIUM
CVSS:5.9(Medium)

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CWE-3272011

CVE-2017-10668

MEDIUM
CVSS:5.9(Medium)

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker ...

CWE-3272017

CVE-2017-17167

MEDIUM
CVSS:5.9(Medium)

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algor...

CWE-3272017

CVE-2017-17382

MEDIUM
CVSS:5.9(Medium)

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote a...

CWE-3272017