Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-24532

Опубликовано: 08 мар. 2023
Источник: redhat
CVSS3: 5.3

Описание

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Cryostat 2cryostat-tech-preview/cryostat-rhel8-operatorNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel8Not affected
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-rhv-populator-rhel8Affected
Network Observability Operatornetwork-observability/network-observability-rhel9-operatorAffected
OpenShift Developer Tools and Servicesocp-tools-4/jenkins-rhel8Affected
OpenShift Serverlessopenshift-serverless-1/client-kn-rhel8Affected
OpenShift Service Mesh 2openshift-golang-builder-containerAffected
Red Hat 3scale API Management Platform 23scale-operator-containerAffected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/volsync-mover-rclone-rhel8Not affected
Red Hat build of Apicurio Registry 2integration-service-registry-operator-containerWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-682
https://bugzilla.redhat.com/show_bug.cgi?id=2223355golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-24532

CVSS3: 5.3
ubuntu
почти 3 года назад

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

nvd логотип

CVE-2023-24532

CVSS3: 5.3
nvd
почти 3 года назад

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

msrc логотип

CVE-2023-24532

CVSS3: 5.3
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-24532

CVSS3: 5.3
debian
почти 3 года назад

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...

github логотип

GHSA-x2w5-7wp4-5qff

github
почти 3 года назад

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

5.3 Medium

CVSS3