CVE-2022-44310
Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Development IL ecdh library before 0.2.0 never checks that a peer's public key is a point on the curve, so an attacker can send an off-curve point and force the derived shared secret to a value the attacker can predict.
Vulnerability
Overview
The Development IL ecdh library before version 0.2.0 contains a critical flaw in its deriveSharedSecret function. The function only checks that the public key object has the expected shape (that it is non-null and carries a Q point); it never validates that Q actually lies on the intended elliptic curve [1][3]. The missing validation opens the door to an invalid curve attack: the addition and doubling formulas used for scalar multiplication depend on the curve coefficient a but not on b, so a point on any other curve y^2 = x^3 + ax + b' is multiplied "correctly" on that other curve, and the attacker gets to choose both the curve and the order of the point.
Exploitation
Method
An attacker can exploit this vulnerability by sending a crafted public key that is not on the curve, such as the point (0, 0). Arithmetically, (0, 0) lies on the curve y^2 = x^3 + ax (the curve with b = 0) and has order 2 there, so when the victim's deriveSharedSecret function multiplies it by the private scalar d the result is (0, 0) for odd d and the point at infinity for even d; the reference [3] reports the derived secret as zero. Either way the attacker knows the secret without knowing d. The attack requires no authentication and can be performed over the network during an ECDH key exchange.
Impact
By forcing the shared secret to a known value, the attacker can decrypt any subsequent communications that rely on that secret. This breaks the confidentiality of the ECDH key agreement, allowing the attacker to eavesdrop on or manipulate encrypted data [1]. The damage is not limited to one session: if the victim reuses its private scalar d, an attacker who presents off-curve points of several small orders r learns d mod r from each exchange and can combine the residues with the Chinese remainder theorem to recover d itself, the standard outcome of an invalid curve attack.
Mitigation
The vulnerability has been addressed in version 0.2.0 of the library, which adds an onCurve check to deriveSharedSecret: the public key's coordinates must lie in [0, q) and satisfy y^2 = x^3 + ax + b mod q before any multiplication takes place [2]. Users are strongly advised to upgrade to this version or later. No known workarounds exist for versions prior to 0.2.0. Note that the check verifies the curve equation only; deployments on curves with a cofactor greater than 1 should additionally confirm that the peer's point lies in the prime-order subgroup (for example, that multiplying it by the group order gives the point at infinity), and callers should reject the point at infinity outright.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| ecdh | npm | < 0.2.0 | 0.2.0 |
Affected products
- Development IL/ecdh
  - Range: <0.2.0
Patches
1ef4560e7233f Merge pull request #4 from shilohshi/master
1 file changed · +24 −2
index.js+24 −2 modified@@ -161,8 +161,30 @@ PrivateKey.prototype.derivePublicKey = function() { return new PublicKey(this.curve, P); }; +PrivateKey.prototype.onCurve = function(publicKey) { + var x = publicKey.Q.getX().x, + y = publicKey.Q.getY().x, + a = this.curve.curve.a.x, + b = this.curve.curve.b.x, + q = this.curve.curve.q; + + if(x.compareTo(BigInteger.ZERO) < 0 || x.compareTo(q) >= 0) + return false; + + if(y.compareTo(BigInteger.ZERO) < 0 || y.compareTo(q) >= 0) + return false; + + var left = (y.pow(2)).mod(q), + right = (((x.pow(3)).add(a.multiply(x))).add(b)).mod(q); + + if (left.compareTo(right) == 0) + return true + else + return false +}; + PrivateKey.prototype.deriveSharedSecret = function(publicKey) { - if(!publicKey || !publicKey.Q) + if(!publicKey || !publicKey.Q || !this.onCurve(publicKey)) throw new Error('publicKey is invaild'); var S = publicKey.Q.multiply(this.d); @@ -302,4 +324,4 @@ function deserializeSig(buf) { r: new BigInteger(rBa.toString('hex'), 16), s: new BigInteger(sBa.toString('hex'), 16) }; -} \ No newline at end of file +}
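Review bot: onCurve checks the curve equation but not that the point lies in the prime-order subgroup, so on a curve whose cofactor is greater than 1 a point of small order in the full group still passes `!this.onCurve(publicKey)` and `publicKey.Q.multiply(this.d)` leaks `this.d` modulo that small order; after the equation test, also require that multiplying Q by the group order gives the point at infinity (or restrict the library to cofactor-1 curves and document that). The point at infinity itself is not handled either: `publicKey.Q.getX().x` is evaluated before anything establishes that Q has affine coordinates, so an infinity point should be rejected up front rather than left to whatever getX() does. Minor: `if (left.compareTo(right) == 0) return true else return false` can be `return left.compareTo(right) == 0;`, the error message still reads 'invaild', and with only index.js changed the fix ships without a regression test for an off-curve point such as (0, 0).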
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions: 5
Linked articles: 0 (no linked articles in our index yet).