| { |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0", |
| "cveMetadata": { |
| "cveId": "CVE-2023-24533" |
| }, |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this." |
| } |
| ], |
| "affected": [ |
| { |
| "vendor": "filippo.io/nistec", |
| "product": "filippo.io/nistec", |
| "collectionURL": "https://pkg.go.dev", |
| "packageName": "filippo.io/nistec", |
| "versions": [ |
| { |
| "version": "0", |
| "lessThan": "0.0.2", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ], |
| "programRoutines": [ |
| { |
| "name": "p256OrdInverse" |
| }, |
| { |
| "name": "P256Point.ScalarBaseMult" |
| }, |
| { |
| "name": "P256Point.ScalarMult" |
| } |
| ], |
| "defaultStatus": "unaffected" |
| } |
| ], |
| "problemTypes": [ |
| { |
| "descriptions": [ |
| { |
| "lang": "en", |
| "description": "CWE-682: Incorrect Calculation" |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://go.dev/issue/58647" |
| }, |
| { |
| "url": "https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244" |
| }, |
| { |
| "url": "https://pkg.go.dev/vuln/GO-2023-1595" |
| } |
| ], |
| "credits": [ |
| { |
| "lang": "en", |
| "value": "Guido Vranken via the Ethereum Foundation bug bounty program" |
| } |
| ] |
| } |
| } |
| } |
