CVE-2023-49292 | HIGH | ≥ 0, < 2.0.8 | 2023-12-05
CVE-2023-49292 [HIGH] CWE-200 github.com/ecies/go vulnerable to possible private key restoration
### Impact
If an attacker can call the functions `Encapsulate()`, `Decapsulate()` and `ECDH()`, they could recover any private key that they interact with.
### Patches
Patched in v2.0.8
### Workarounds
You can manually check the public key by calling the `IsOnCurve()` function from secp256k1 libraries.
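
What the on-curve check in this workaround verifies, shown as an added Go example (not code from github.com/ecies/go or from any secp256k1 library). The helper name `checkPeerKey` is hypothetical; the generator coordinates are the public secp256k1 constants, and the tampered point is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Public secp256k1 generator coordinates, used here as a known-good sample point.
const (
	gxHex = "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
	gyHex = "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"
)

var errOffCurve = errors.New("public key is not a point on secp256k1")

// fieldPrime returns the secp256k1 field prime p = 2^256 - 2^32 - 977.
func fieldPrime() *big.Int {
	p := new(big.Int).Lsh(big.NewInt(1), 256)
	p.Sub(p, new(big.Int).Lsh(big.NewInt(1), 32))
	return p.Sub(p, big.NewInt(977))
}

// checkPeerKey (hypothetical helper) rejects coordinates outside [0, p) and
// points that do not satisfy y^2 = x^3 + 7 (mod p). Run it on every public
// key received from outside before the key reaches any ECDH computation.
func checkPeerKey(x, y *big.Int) error {
	p := fieldPrime()
	if x == nil || y == nil || x.Sign() < 0 || y.Sign() < 0 || x.Cmp(p) >= 0 || y.Cmp(p) >= 0 {
		return errOffCurve
	}
	lhs := new(big.Int).Exp(y, big.NewInt(2), p)
	rhs := new(big.Int).Exp(x, big.NewInt(3), p)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, p)
	if lhs.Cmp(rhs) != 0 {
		return errOffCurve
	}
	return nil
}

func main() {
	gx, _ := new(big.Int).SetString(gxHex, 16)
	gy, _ := new(big.Int).SetString(gyHex, 16)
	fmt.Println("generator:", checkPeerKey(gx, gy))
	tampered := new(big.Int).Add(gy, big.NewInt(1)) // constructed off-curve input
	fmt.Println("tampered y:", checkPeerKey(gx, tampered))
}
```
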
### References
https://github.c
ghsa, osv