{
"schema_version": "1.3.1",
"id": "GO-2023-1765",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2023-1732",
"GHSA-2q89-485c-9j2x"
],
"summary": "Leaked shared secret and weak blinding in github.com/cloudflare/circl",
"details": "When sampling randomness for a shared secret, the Kyber and FrodoKEM implementations did not check whether crypto/rand.Read() returned an error. In rare deployment cases (an error returned by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user-provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases returns the requested number of random bytes. In the cases where it does not, or where the user provides a source that does not, the blinding for blindrsa is weak and the integrity of the plaintext is not ensured in tkn20.",
"affected": [
{
"package": {
"name": "github.com/cloudflare/circl",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.3"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/cloudflare/circl/abe/cpabe/tkn20/internal/tkn",
"symbols": [
"EncryptCCA"
]
},
{
"path": "github.com/cloudflare/circl/blindsign/blindrsa",
"symbols": [
"RSAVerifier.Blind"
]
},
{
"path": "github.com/cloudflare/circl/kem/frodo/frodo640shake",
"symbols": [
"PublicKey.EncapsulateTo",
"scheme.Encapsulate",
"scheme.EncapsulateDeterministically"
]
},
{
"path": "github.com/cloudflare/circl/kem/kyber/kyber1024",
"symbols": [
"PublicKey.EncapsulateTo",
"scheme.Encapsulate",
"scheme.EncapsulateDeterministically"
]
},
{
"path": "github.com/cloudflare/circl/kem/kyber/kyber512",
"symbols": [
"PublicKey.EncapsulateTo",
"scheme.Encapsulate",
"scheme.EncapsulateDeterministically"
]
},
{
"path": "github.com/cloudflare/circl/kem/kyber/kyber768",
"symbols": [
"PublicKey.EncapsulateTo",
"scheme.Encapsulate",
"scheme.EncapsulateDeterministically"
]
},
{
"path": "github.com/cloudflare/circl/kem/sike/sikep434",
"symbols": [
"scheme.Encapsulate"
]
},
{
"path": "github.com/cloudflare/circl/kem/sike/sikep503",
"symbols": [
"scheme.Encapsulate"
]
},
{
"path": "github.com/cloudflare/circl/kem/sike/sikep751",
"symbols": [
"scheme.Encapsulate"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
},
{
"type": "FIX",
"url": "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2023-1765",
"review_status": "REVIEWED"
}
}