GHSA-2q89-485c-9j2x

Suggest an improvement
Source
https://github.com/advisories/GHSA-2q89-485c-9j2x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-2q89-485c-9j2x/GHSA-2q89-485c-9j2x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2q89-485c-9j2x
Aliases
Related
Published
2023-05-11T20:40:54Z
Modified
2023-11-08T04:11:18.953209Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS Calculator
Summary
Improper random reading in CIRCL
Details

Impact

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.

The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

Patches

The fix was introduced in CIRCL v. 1.3.3

References

Affected packages

Go / github.com/cloudflare/circl

Package

Name
github.com/cloudflare/circl
View open source insights on deps.dev
Purl
pkg:golang/github.com/cloudflare/circl

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.3