Vulnerability-Lookup

GHSA-2Q89-485C-9J2X

Vulnerability from github – Published: 2023-05-11 20:40 – Updated: 2023-05-24 18:31

Summary

Improper random reading in CIRCL

Details

Impact

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.

The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

Patches

The fix was introduced in CIRCL v. 1.3.3

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/circl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-1732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-11T20:40:54Z",
    "nvd_published_at": "2023-05-10T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether `crypto/rand.Read()` returns an error. In rare deployment cases (error thrown by the `Read()` function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides `crypto/rand.Reader`, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n\n### Patches\nThe fix was introduced in CIRCL v. 1.3.3\n",
  "id": "GHSA-2q89-485c-9j2x",
  "modified": "2023-05-24T18:31:42Z",
  "published": "2023-05-11T20:40:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1732"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/circl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/releases/tag/v1.3.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper random reading in CIRCL"
}

CVE-2023-1732 (GCVE-0-2023-1732)

Vulnerability from cvelistv5 – Published: 2023-05-10 11:41 – Updated: 2025-01-27 18:32

Title

Improper random reading in CIRCL

Summary

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

CWE

CWE-20 - Improper Input Validation
CWE-755 - Improper Handling of Exceptional Conditions

Assigner

cloudflare

References

1 reference

URL	Tags
https://github.com/cloudflare/circl/security/advi…

Impacted products

1 product

Vendor	Product	Version
Cloudflare	CIRCL	Affected: 0 , < <1.3.3 (semver)

Credits

Tom Thorogood

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T18:32:18.233703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-27T18:32:25.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cloudflare/circl",
          "defaultStatus": "unaffected",
          "platforms": [
            "Go"
          ],
          "product": "CIRCL",
          "vendor": "Cloudflare",
          "versions": [
            {
              "lessThan": "\u003c1.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tom Thorogood"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether \u003ccode\u003ecrypto/rand.Read()\u003c/code\u003e\u0026nbsp;returns an error. In rare deployment cases (error thrown by the \u003ccode\u003eRead()\u003c/code\u003e\u0026nbsp;function), this could lead to a predictable shared secret.\u003c/p\u003e\u003cp\u003eThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides \u003ccode\u003ecrypto/rand.Reader\u003c/code\u003e, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\u003c/p\u003e"
            }
          ],
          "value": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()\u00a0returns an error. In rare deployment cases (error thrown by the Read()\u00a0function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-620",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-620 Drop Encryption Level"
            }
          ]
        },
        {
          "capecId": "CAPEC-20",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-20 Encryption Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-10T11:41:53.902Z",
        "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "shortName": "cloudflare"
      },
      "references": [
        {
          "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper random reading in CIRCL",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
    "assignerShortName": "cloudflare",
    "cveId": "CVE-2023-1732",
    "datePublished": "2023-05-10T11:41:53.902Z",
    "dateReserved": "2023-03-30T15:16:57.957Z",
    "dateUpdated": "2025-01-27T18:32:25.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted