CVE-2022-44310EPSS p46.9%

CVE-2022-44310CVE-2022-44310

ecdh_project / ecdh

Description

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS0.67% probability of exploitation · percentile 46.9% · 2026-06-18T12:00:27Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.