| id: GO-2023-2380 |
| modules: |
| - module: github.com/ecies/go/v2 |
| versions: |
| - fixed: 2.0.8 |
| vulnerable_at: 2.0.7 |
| packages: |
| - package: github.com/ecies/go/v2 |
| symbols: |
| - PrivateKey.Encapsulate |
| - PrivateKey.ECDH |
| - PublicKey.Decapsulate |
| derived_symbols: |
| - Decrypt |
| - Encrypt |
| summary: Private key recovery via invalid curve point in github.com/ecies/go/v2 |
| description: |- |
| An attacker may be able to recover private keys due to a bug in the ECDH |
| function. |
| |
| The library does not check whether the provided public key is on the curve, |
| which means that an attacker can create a public key that is not on the curve |
| and use it to recover the private key. |
| |
| A workaround is to manually check that the public key is valid by calling the |
| IsOnCurve function from the secp256k1 libraries. |
| cves: |
| - CVE-2023-49292 |
| ghsas: |
| - GHSA-8j98-cjfr-qx3h |
| references: |
| - advisory: https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h |
| - fix: https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd |
| - web: https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md |
| review_status: REVIEWED |