Primary

Context

Cloudflare CIRCL Library ECC P384 Curve Incorrect Value Calculation Vulnerability

Vulnerability

Patched

A vulnerability exists in the Cloudflare CIRCL cryptographic library, specifically in the ECC P384 package, related to the CombinedMult function. This function generates incorrect values for certain inputs on the secp384r1 curve. The issue arises from the use of incomplete addition formulas. However, ECDH and ECDSA signing operations that depend on this curve are not impacted. The vulnerability has been addressed in version 1.6.3.

Impact

The vulnerability leads to incorrect value calculations in elliptic curve operations, which could potentially disrupt cryptographic processes that rely on accurate computations.

Remediation

Users can upgrade to Cloudflare CIRCL version 1.6.3 to address this vulnerability.

Added: Feb 24, 2026, 8:26 AM

Updated: Feb 24, 2026, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

7.7

relevance

3.1

threat

6.4

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

7.7

relevance

3.1

threat

6.4

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cloudflare CIRCL Library ECC P384 Curve Incorrect Value Calculation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cloudflare CIRCL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating