data/reports/GO-2023-1595.yaml - vulndb - Git at Google

 id: GO-2023-1595
 modules:
     - module: filippo.io/nistec
       versions:
         - fixed: 0.0.2
       vulnerable_at: 0.0.1
       packages:
         - package: filippo.io/nistec
           goarch:
             - amd64
             - arm64
             - ppc64le
             - s390x
           symbols:
             - p256OrdInverse
             - P256Point.ScalarBaseMult
             - P256Point.ScalarMult
 summary: Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec
 description: |-
     Multiplication of certain unreduced P-256 scalars produce incorrect results.

     There are no protocols known at this time that can be attacked due to this.
 ghsas:
     - GHSA-f6hc-9g49-xmx7
 credits:
     - Guido Vranken via the Ethereum Foundation bug bounty program
 references:
     - report: https://go.dev/issue/58647
     - fix: https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
 cve_metadata:
     id: CVE-2023-24533
     cwe: 'CWE-682: Incorrect Calculation'
	id: GO-2023-1595
	modules:
	- module: filippo.io/nistec
	versions:
	- fixed: 0.0.2
	vulnerable_at: 0.0.1
	packages:
	- package: filippo.io/nistec
	goarch:
	- amd64
	- arm64
	- ppc64le
	- s390x
	symbols:
	- p256OrdInverse
	- P256Point.ScalarBaseMult
	- P256Point.ScalarMult
	summary: Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec
	description: \|-
	Multiplication of certain unreduced P-256 scalars produce incorrect results.

	There are no protocols known at this time that can be attacked due to this.
	ghsas:
	- GHSA-f6hc-9g49-xmx7
	credits:
	- Guido Vranken via the Ethereum Foundation bug bounty program
	references:
	- report: https://go.dev/issue/58647
	- fix: https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
	cve_metadata:
	id: CVE-2023-24533
	cwe: 'CWE-682: Incorrect Calculation'