data/osv/GO-2023-1765.json

{
  "schema_version": "1.3.1",
  "id": "GO-2023-1765",
  "modified": "0001-01-01T00:00:00Z",
  "published": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2023-1732",
    "GHSA-2q89-485c-9j2x"
  ],
  "summary": "Leaked shared secret and weak blinding in github.com/cloudflare/circl",
  "details": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.",
  "affected": [
    {
      "package": {
        "name": "github.com/cloudflare/circl",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/cloudflare/circl/abe/cpabe/tkn20/internal/tkn",
            "symbols": [
              "EncryptCCA"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/blindsign/blindrsa",
            "symbols": [
              "RSAVerifier.Blind"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/frodo/frodo640shake",
            "symbols": [
              "PublicKey.EncapsulateTo",
              "scheme.Encapsulate",
              "scheme.EncapsulateDeterministically"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/kyber/kyber1024",
            "symbols": [
              "PublicKey.EncapsulateTo",
              "scheme.Encapsulate",
              "scheme.EncapsulateDeterministically"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/kyber/kyber512",
            "symbols": [
              "PublicKey.EncapsulateTo",
              "scheme.Encapsulate",
              "scheme.EncapsulateDeterministically"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/kyber/kyber768",
            "symbols": [
              "PublicKey.EncapsulateTo",
              "scheme.Encapsulate",
              "scheme.EncapsulateDeterministically"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/sike/sikep434",
            "symbols": [
              "scheme.Encapsulate"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/sike/sikep503",
            "symbols": [
              "scheme.Encapsulate"
            ]
          },
          {
            "path": "github.com/cloudflare/circl/kem/sike/sikep751",
            "symbols": [
              "scheme.Encapsulate"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
    },
    {
      "type": "FIX",
      "url": "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8"
    }
  ],
  "database_specific": {
    "url": "https://pkg.go.dev/vuln/GO-2023-1765"
  }
}