All the vulnerabilites related to Go standard library - crypto/internal/nistec
cve-2023-24532
Vulnerability from cvelistv5
Published
2023-03-08 19:40
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
Incorrect calculation on P256 curves in crypto/internal/nistec
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/internal/nistec |
Version: 0 ≤ Version: 1.20.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230331-0011/" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/58647" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/471255" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-1621" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-24532", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:58:31.679478Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:58:40.921Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/internal/nistec", "product": "crypto/internal/nistec", "programRoutines": [ { "name": "P256Point.ScalarBaseMult" }, { "name": "P256Point.ScalarMult" }, { "name": "P256OrdInverse" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.19.7", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.20.2", "status": "affected", "version": "1.20.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Guido Vranken, via the Ethereum Foundation bug bounty program" } ], "descriptions": [ { "lang": "en", "value": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-682: Incorrect Calculation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:07:52.290Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/58647" }, { "url": "https://go.dev/cl/471255" }, { "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY" }, { "url": "https://pkg.go.dev/vuln/GO-2023-1621" } ], "title": "Incorrect calculation on P256 curves in crypto/internal/nistec" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-24532", "datePublished": "2023-03-08T19:40:45.425Z", "dateReserved": "2023-01-25T21:19:20.641Z", "dateUpdated": "2024-08-02T10:56:04.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }