Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

Published

2023-03-08T20:15:09.413

Last Modified

2024-11-21T07:48:04.383

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-682

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.19.7	Yes
Application	golang	go	< 1.20.2	Yes

References

https://go.dev/cl/471255 Patch ([email protected])
https://go.dev/issue/58647 Issue Tracking, Patch ([email protected])
https://groups.google.com/g/golang-announce/c/3-TpUx48iQY Mailing List, Release Notes ([email protected])
https://pkg.go.dev/vuln/GO-2023-1621 Third Party Advisory ([email protected])
https://go.dev/cl/471255 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/58647 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/3-TpUx48iQY Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2023-1621 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230331-0011/ (af854a3a-2127-422b-91ae-364da2661108)