x/vulndb: add reports/GO-2022-0187.yaml for CVE-2017-8932
Fixes golang/vulndb#0187
Change-Id: Ie9e7a0bdd2dfa6ebe8c427867f774d251e6de46d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/415155
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
diff --git a/reports/GO-2022-0187.yaml b/reports/GO-2022-0187.yaml
new file mode 100644
index 0000000..39c8dad
--- /dev/null
+++ b/reports/GO-2022-0187.yaml
@@ -0,0 +1,29 @@
+packages:
+ - module: std
+ package: crypto/elliptic
+ symbols:
+ - p256SubInternal
+ versions:
+ - introduced: 1.6.0
+ fixed: 1.7.6
+ - introduced: 1.8.0
+ fixed: 1.8.2
+ vulnerable_at: 1.8.1
+arch:
+ - amd64
+description: |
+ The ScalarMult implementation of curve P-256 for amd64 architectures
+ generates incorrect results for certain specific input points.
+ An adaptive attack can progressively extract the scalar input to
+ ScalarMult by submitting crafted points and observing failures to
+ derive correct output. This leads to a full key recovery attack
+ against static ECDH, as used in popular JWT libraries.
+cves:
+ - CVE-2017-8932
+credit: Vlad Krasnov and Filippo Valsorda at Cloudflare
+links:
+ pr: https://go.dev/cl/41070
+ commit: https://go.googlesource.com/go/+/9294fa2749ffee7edbbb817a0ef9fe633136fa9c
+ context:
+ - https://go.dev/issue/20040
+ - https://groups.google.com/g/golang-announce/c/B5ww0iFt1_Q/m/TgUFJV14BgAJ
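Review bot: the `symbols` list names only the internal helper `p256SubInternal`, while the `description` identifies `ScalarMult` as the affected API; consider confirming that the exported entry point callers actually reach (`ScalarMult` on the P-256 curve) is recorded or derived for this report, since the symbol list is what tooling uses to decide whether a dependent's call graph is affected, and a report that only lists the private assembly helper is harder for a reader to map to their own code. The two version ranges (`1.6.0` to `1.7.6`, `1.8.0` to `1.8.2`) together with `vulnerable_at: 1.8.1` and `arch: amd64` look consistent with the description.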