Impact
The vulnerability arises from missing point‑on‑curve validation in the function sjcl.ecc.basicKey.publicKey(), as detailed in the CVE description. An attacker can send crafted off‑curve public keys to the library and observe the raw x‑coordinate output of dhJavaEc(). This plaintext oracle permits extraction of a victim’s ECDH private key, thereby compromising the confidentiality of any data protected with that key. The weakness is classified under CWE‑325 (Improper Validation) and CWE‑347 (Invalid Algorithm Parameter).
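As an added illustration (not code from sjcl or from the CVE), the check that the vulnerable parser omits: before a received public key is used in ECDH, verify that its coordinates actually satisfy the curve equation. The curve parameters are NIST P-256; the key representation (separate `x` and `y` BigInts) and the function names are assumptions for this example.

```javascript
// Added example, not sjcl's own code. Curve parameters are NIST P-256 (secp256r1);
// representing a public key as a pair of BigInt coordinates is an assumption.
const P256 = {
  p: 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn,
  a: 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffcn,
  b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn,
  gx: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  gy: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};

// Non-negative modular reduction (BigInt % keeps the sign of the dividend).
const mod = (v, m) => ((v % m) + m) % m;

// True only if (x, y) is an affine point on y^2 = x^3 + a*x + b (mod p) with both
// coordinates inside the field. A point failing this check lies on some other curve
// with the same a and a different b, which is exactly the input an invalid-curve
// attack relies on, so it must be refused before any scalar multiplication (ECDH).
function isOnCurve(curve, x, y) {
  if (typeof x !== "bigint" || typeof y !== "bigint") return false;
  if (x < 0n || x >= curve.p || y < 0n || y >= curve.p) return false;
  const lhs = mod(y * y, curve.p);
  const rhs = mod(x * x * x + curve.a * x + curve.b, curve.p);
  return lhs === rhs;
}

// Hardened key acceptance: the guard the vulnerable publicKey() constructor lacks.
// Throwing here keeps an off-curve point from ever reaching the shared-secret step.
function parsePublicKey(curve, x, y) {
  if (!isOnCurve(curve, x, y)) {
    throw new Error("public key rejected: point is not on the curve");
  }
  return { x, y };
}

// Constructed inputs: the generator G (valid) and G with its y-coordinate
// perturbed by one (off-curve). Returns the outcome of each check.
function demo() {
  const valid = isOnCurve(P256, P256.gx, P256.gy);
  const offCurve = isOnCurve(P256, P256.gx, P256.gy + 1n);
  let rejected = false;
  try {
    parsePublicKey(P256, P256.gx, P256.gy + 1n);
  } catch (e) {
    rejected = true;
  }
  return { valid, offCurve, rejected };
}
```

A complete fix also needs the check to run wherever a key enters the library (deserialization, `fromBits`-style helpers, and the ECDH entry point itself), not only in one constructor.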
Affected Systems
All releases of the sjcl JavaScript cryptography library are affected; the CVE description explicitly states "All versions of the package sjcl are vulnerable". Any application that utilizes sjcl’s ECDH functions, especially dhJavaEc(), is subject to this flaw. No vendor‑specific version information beyond the library itself is provided.
Risk and Exploitability
With a CVSS score of 8.7, the vulnerability is rated high severity, yet its EPSS score of less than 1% indicates a low probability of exploitation in the present threat landscape. The CVE notes that the issue is not listed in CISA's KEV catalog. The likely attack vector is remote: an adversary who can supply a public key to the library, for example through client-side or server-side JavaScript execution, can exploit the missing validation and obtain the private key by observing ECDH outputs; this inference is based on the description of the oracle provided in the CVE.