data/reports: add GO-2023-1765.yaml
Aliases: CVE-2023-1732, GHSA-2q89-485c-9j2x
There were two edits in the fix CL that are not reflected in the
report: the ones in packages kem/kyber/templates and
kem/sike/templates. These contain Go files with a "//+ build ignore"
tag. They are actually templates that are probably used
to generated the other .go files.
I tried to add a comment to that effect to the yaml file,
but vulnreport removed it.
Fixes golang/vulndb#1765
Change-Id: Ib48fae330230687178ea4b61e6202150e6f89d1b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494940
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2023-1765.json b/data/osv/GO-2023-1765.json
new file mode 100644
index 0000000..25f0dcb
--- /dev/null
+++ b/data/osv/GO-2023-1765.json
@@ -0,0 +1,111 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2023-1765",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2023-1732",
+ "GHSA-2q89-485c-9j2x"
+ ],
+ "details": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/cloudflare/circl",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.3.3"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/cloudflare/circl/abe/cpabe/tkn20/internal/tkn",
+ "symbols": [
+ "EncryptCCA"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/blindsign/blindrsa",
+ "symbols": [
+ "RSAVerifier.Blind"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/frodo/frodo640shake",
+ "symbols": [
+ "PublicKey.EncapsulateTo",
+ "scheme.Encapsulate",
+ "scheme.EncapsulateDeterministically"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/kyber/kyber1024",
+ "symbols": [
+ "PublicKey.EncapsulateTo",
+ "scheme.Encapsulate",
+ "scheme.EncapsulateDeterministically"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/kyber/kyber512",
+ "symbols": [
+ "PublicKey.EncapsulateTo",
+ "scheme.Encapsulate",
+ "scheme.EncapsulateDeterministically"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/kyber/kyber768",
+ "symbols": [
+ "PublicKey.EncapsulateTo",
+ "scheme.Encapsulate",
+ "scheme.EncapsulateDeterministically"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/sike/sikep434",
+ "symbols": [
+ "scheme.Encapsulate"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/sike/sikep503",
+ "symbols": [
+ "scheme.Encapsulate"
+ ]
+ },
+ {
+ "path": "github.com/cloudflare/circl/kem/sike/sikep751",
+ "symbols": [
+ "scheme.Encapsulate"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1765"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2023-1765.yaml b/data/reports/GO-2023-1765.yaml
new file mode 100644
index 0000000..efe75ac
--- /dev/null
+++ b/data/reports/GO-2023-1765.yaml
@@ -0,0 +1,66 @@
+modules:
+ - module: github.com/cloudflare/circl
+ versions:
+ - fixed: 1.3.3
+ vulnerable_at: 1.3.2
+ packages:
+ - package: github.com/cloudflare/circl/abe/cpabe/tkn20/internal/tkn
+ symbols:
+ - EncryptCCA
+ - package: github.com/cloudflare/circl/blindsign/blindrsa
+ symbols:
+ - RSAVerifier.Blind
+ - package: github.com/cloudflare/circl/kem/frodo/frodo640shake
+ symbols:
+ - PublicKey.EncapsulateTo
+ derived_symbols:
+ - scheme.Encapsulate
+ - scheme.EncapsulateDeterministically
+ - package: github.com/cloudflare/circl/kem/kyber/kyber1024
+ symbols:
+ - PublicKey.EncapsulateTo
+ derived_symbols:
+ - scheme.Encapsulate
+ - scheme.EncapsulateDeterministically
+ - package: github.com/cloudflare/circl/kem/kyber/kyber512
+ symbols:
+ - PublicKey.EncapsulateTo
+ derived_symbols:
+ - scheme.Encapsulate
+ - scheme.EncapsulateDeterministically
+ - package: github.com/cloudflare/circl/kem/kyber/kyber768
+ symbols:
+ - PublicKey.EncapsulateTo
+ derived_symbols:
+ - scheme.Encapsulate
+ - scheme.EncapsulateDeterministically
+ - package: github.com/cloudflare/circl/kem/sike/sikep434
+ symbols:
+ - scheme.Encapsulate
+ - package: github.com/cloudflare/circl/kem/sike/sikep503
+ symbols:
+ - scheme.Encapsulate
+ - package: github.com/cloudflare/circl/kem/sike/sikep751
+ symbols:
+ - scheme.Encapsulate
+summary: Kyber and FrodoKEM leak shared secret; blinding could be weak for tkn20 and
+ blindrsa.
+description: |
+ When sampling randomness for a shared secret, the implementation of Kyber
+ and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In
+ rare deployment cases (error thrown by the Read() function), this could lead
+ to a predictable shared secret.
+
+ The tkn20 and blindrsa components did not check whether enough randomness
+ was returned from the user provided randomness source. Typically the user
+ provides crypto/rand.Reader, which in the vast majority of cases will always
+ return the right number random bytes. In the cases where it does not, or the
+ user provides a source that does not, the blinding for blindrsa is weak and
+ integrity of the plaintext is not ensured in tkn20.
+cves:
+ - CVE-2023-1732
+ghsas:
+ - GHSA-2q89-485c-9j2x
+references:
+ - advisory: https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x
+ - fix: https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8