CVE-2022-23002
CVE-2022-23002 is a medium-severity vulnerability in Westerndigital Sweet B with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-703.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- EPSS exploit prediction: 1% (45th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-703
- Affected product: Westerndigital Sweet B
- Published:
- Last modified:
Description
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
Frequently asked questions
- What is CVE-2022-23002?
- When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
- How severe is CVE-2022-23002?
- CVE-2022-23002 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2022-23002 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (45th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-23002?
- CVE-2022-23002 affects Westerndigital Sweet B. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-23002?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-23002 published?
- CVE-2022-23002 was published on 2022-07-29 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:westerndigital:sweet_b:1:*:*:*:*:*:*:*
More vulnerabilities in Westerndigital Sweet B
- CVE-2022-23004 — Medium (CVSS 5.3): When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate…
- CVE-2022-23003 — Medium (CVSS 5.3): When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero,…
- CVE-2022-23001 — Medium (CVSS 5.3): When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is…
All CVEs affecting Westerndigital Sweet B →
Other CWE-703 vulnerabilities
- CVE-2025-13026 — Critical (CVSS 9.8): Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in…
- CVE-2025-13023 — Critical (CVSS 9.8): Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in…
- CVE-2025-13022 — Critical (CVSS 9.8): Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and…
- CVE-2025-13021 — Critical (CVSS 9.8): Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and…
- CVE-2024-39815 — Critical (CVSS 9.1): Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays…
- CVE-2023-45927 — Critical (CVSS 9.1): S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().