CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html	Patch Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1859
https://bugzilla.redhat.com/show_bug.cgi?id=1455191	Issue Tracking Third Party Advisory
https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c	Issue Tracking Patch Third Party Advisory
https://github.com/golang/go/issues/20040	Third Party Advisory
https://go-review.googlesource.com/c/41070/	Vendor Advisory
https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/
http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html	Patch Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1859
https://bugzilla.redhat.com/show_bug.cgi?id=1455191	Issue Tracking Third Party Advisory
https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c	Issue Tracking Patch Third Party Advisory
https://github.com/golang/go/issues/20040	Third Party Advisory
https://go-review.googlesource.com/c/41070/	Vendor Advisory
https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go:1.8:::::::*
	cpe:2.3:a:golang:go:1.8.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*
	cpe:2.3:o:opensuse:leap:42.2:::::::*

History

21 Nov 2024, 03:35

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html - Patch, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html - Patch, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html - Patch, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html - Patch, Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:1859 -~~	() https://access.redhat.com/errata/RHSA-2017:1859 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1455191 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1455191 - Issue Tracking, Third Party Advisory
References	~~() https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c - Issue Tracking, Patch, Third Party Advisory~~	() https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c - Issue Tracking, Patch, Third Party Advisory
References	~~() https://github.com/golang/go/issues/20040 - Third Party Advisory~~	() https://github.com/golang/go/issues/20040 - Third Party Advisory
References	~~() https://go-review.googlesource.com/c/41070/ - Vendor Advisory~~	() https://go-review.googlesource.com/c/41070/ - Vendor Advisory
References	~~() https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ - Vendor Advisory~~	() https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ - Vendor Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/ -

Information

Published : 2017-07-06 16:29

Updated : 2024-11-21 03:35

NVD link : CVE-2017-8932

Mitre link : CVE-2017-8932

CVE.ORG link : CVE-2017-8932

JSON object : View

Products Affected

fedoraproject

fedora

golang

novell

suse_package_hub_for_suse_linux_enterprise

opensuse

leap

CWE

CWE-682

Incorrect Calculation

{"id": "CVE-2017-8932", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-07-06T16:29:00.420", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1859", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/golang/go/issues/20040", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://go-review.googlesource.com/c/41070/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1859", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/golang/go/issues/20040", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://go-review.googlesource.com/c/41070/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-682"}]}], "descriptions": [{"lang": "en", "value": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries."}, {"lang": "es", "value": "Un error en la implementaci\u00f3n de la biblioteca est\u00e1ndar ScalarMult de curve P-256 para arquitecturas amd64 en Go anterior a versi\u00f3n 1.7.6 y 1.8.x anterior a versi\u00f3n 1.8.2, causa resultados incorrectos para ser generados por puntos de entrada espec\u00edficos. Se puede montar un ataque adaptativo para extraer progresivamente la entrada scalar hacia ScalarMult mediante el env\u00edo de puntos creados y observando fallos para la salida correcta derivada. Esto conduce a un ataque de recuperaci\u00f3n de clave completa contra ECDH est\u00e1tico, tal y como es usado en las bibliotecas populares JWT."}], "lastModified": "2024-11-21T03:35:00.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8244E4BF-E822-40BF-B436-35B073514530", "versionEndIncluding": "1.7.5"}, {"criteria": "cpe:2.3:a:golang:go:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19B9EAD3-EF36-4F95-8DB4-9FB8E19CC0D0"}, {"criteria": "cpe:2.3:a:golang:go:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0DC2B77-B2C2-41AE-B51E-A766C79AA00F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5BEF8F1-A70F-455C-BFDD-09E0A658F702"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA"}, {"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-8932

5.9^/10

4.3^/10

Attach tags to `CVE-2017-8932`