CVE-2023-24533

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue concerns the multiplication of certain unreduced P-256 scalars, which can produce incorrect results. However, there are no known protocols that can be attacked due to this issue. The problem arises because the P-256 assembly does not use complete addition formulas, which can lead to incorrect results when the two inputs are equal. This was previously mitigated by always reducing the scalar, but a change in the math/big rewrite removed this reduction, assuming it was not necessary.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.