data/reports/GO-2023-1595.yaml - vulndb - Git at Google

 modules:
   - module: filippo.io/nistec
     versions:
       - fixed: 0.0.2
     vulnerable_at: 0.0.1
     packages:
       - package: filippo.io/nistec
         goarch:
           - amd64
           - arm64
           - ppc64le
           - s390x
         symbols:
           - p256OrdInverse
           - P256Point.ScalarBaseMult
           - P256Point.ScalarMult
 description: |-
     Multiplication of certain unreduced P-256 scalars produce incorrect
     results.

     There are no protocols known at this time that can be attacked due
     to this.
 ghsas:
   - GHSA-f6hc-9g49-xmx7
 credit: Guido Vranken via the Ethereum Foundation bug bounty program
 references:
   - report: https://go.dev/issue/58647
   - fix: https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
 cve_metadata:
     id: CVE-2023-24533
     cwe: 'CWE-682: Incorrect Calculation'
	modules:
	- module: filippo.io/nistec
	versions:
	- fixed: 0.0.2
	vulnerable_at: 0.0.1
	packages:
	- package: filippo.io/nistec
	goarch:
	- amd64
	- arm64
	- ppc64le
	- s390x
	symbols:
	- p256OrdInverse
	- P256Point.ScalarBaseMult
	- P256Point.ScalarMult
	description: \|-
	Multiplication of certain unreduced P-256 scalars produce incorrect
	results.

	There are no protocols known at this time that can be attacked due
	to this.
	ghsas:
	- GHSA-f6hc-9g49-xmx7
	credit: Guido Vranken via the Ethereum Foundation bug bounty program
	references:
	- report: https://go.dev/issue/58647
	- fix: https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
	cve_metadata:
	id: CVE-2023-24533
	cwe: 'CWE-682: Incorrect Calculation'