Search for vulnerabilities
Vulnerability details: VCID-e2ej-8y6t-4khu
Vulnerability ID VCID-e2ej-8y6t-4khu
Aliases CVE-2017-7781
Summary An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-681 Incorrect Conversion between Numeric Types
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7781.json
epss 0.00459 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00459 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00459 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
epss 0.00779 https://api.first.org/data/v1/epss?cve=CVE-2017-7781
cvssv2 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 4.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-7781
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2017-7781
archlinux Critical https://security.archlinux.org/AVG-375
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2017-18
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7781.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7781
https://bugzilla.mozilla.org/show_bug.cgi?id=1352039
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.mozilla.org/security/advisories/mfsa2017-18/
http://www.securityfocus.com/bid/100383
http://www.securitytracker.com/id/1039124
1479197 https://bugzilla.redhat.com/show_bug.cgi?id=1479197
ASA-201708-3 https://security.archlinux.org/ASA-201708-3
AVG-375 https://security.archlinux.org/AVG-375
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVE-2017-7781 https://nvd.nist.gov/vuln/detail/CVE-2017-7781
mfsa2017-18 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18
USN-3391-1 https://usn.ubuntu.com/3391-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7781.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7781
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7781
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.63274
EPSS Score 0.00459
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:18.776704+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2017/mfsa2017-18.yml 37.0.0