GO-2023-1595

Source

https://pkg.go.dev/vuln/GO-2023-1595

Import Source

https://vuln.go.dev/ID/GO-2023-1595.json

Aliases

CVE-2023-24533
GHSA-f6hc-9g49-xmx7

Published

2023-02-28T22:54:56Z

Modified

2023-11-08T04:11:46.925268Z

Details

Multiplication of certain unreduced P-256 scalars produce incorrect results.

There are no protocols known at this time that can be attacked due to this.

References

https://go.dev/issue/58647
https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244

Affected packages

Go / filippo.io/nistec

Package

Name: filippo.io/nistec

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.0.2

Ecosystem specific

{
    "imports": [
        {
            "path": "filippo.io/nistec",
            "goarch": [
                "amd64",
                "arm64",
                "ppc64le",
                "s390x"
            ],
            "symbols": [
                "P256Point.ScalarBaseMult",
                "P256Point.ScalarMult",
                "p256OrdInverse"
            ]
        }
    ]
}