The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
References
Link | Resource |
---|---|
https://go.dev/cl/471255 | Patch |
https://go.dev/issue/58647 | Issue Tracking Patch |
https://groups.google.com/g/golang-announce/c/3-TpUx48iQY | Mailing List Release Notes |
https://pkg.go.dev/vuln/GO-2023-1621 | Third Party Advisory |
Configurations
History
15 Mar 2023, 17:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://pkg.go.dev/vuln/GO-2023-1621 - Third Party Advisory | |
References | (MISC) https://go.dev/cl/471255 - Patch | |
References | (MISC) https://groups.google.com/g/golang-announce/c/3-TpUx48iQY - Mailing List, Release Notes | |
References | (MISC) https://go.dev/issue/58647 - Issue Tracking, Patch | |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-682 |
09 Mar 2023, 14:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-08 20:15
Updated : 2024-02-04 23:14
NVD link : CVE-2023-24532
Mitre link : CVE-2023-24532
CVE.ORG link : CVE-2023-24532
JSON object : View
Products Affected
golang
- go
CWE
CWE-682
Incorrect Calculation