CVE-2026-4258
HIGH
7,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.
347
Improper Verification of Cryptographic Signature
DraftCommon Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Potential Impacts:
Gain Privileges Or Assume Identity
Modify Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47
https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js%23L454-L461
https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331ff…
https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617