PT-2023-2767 · Go+6 · Go+6

Guido Vranken

Published

2023-03-07

Updated

2024-06-15

CVE-2023-24532

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Go (affected versions not specified)

Description The issue is related to the ScalarMult and ScalarBaseMult methods of the P256 Curve in the Go programming language, which may return incorrect results when called with specific unreduced scalars. This could potentially allow a remote attacker to impact the integrity of protected information. The issue does not affect usages of crypto/ecdsa or crypto/ecdh.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

ALT-PU-2023-1394

ALT-PU-2023-1405

ALT-PU-2023-4785

AZL-37373

AZL-37385

AZL-52875

AZL-78976

BDU:2023-02657

BIT-GOLANG-2023-24532

CESA-2023_3319

CVE-2023-24532

GO-2023-1621

MGASA-2023-0109

OPENSUSE-SU-2024:12760-1

OPENSUSE-SU-2024:12770-1

RHSA-2023:3318

RHSA-2023:3319

RHSA-2023_3318

RHSA-2023_3319

SUSE-SU-2023:0733-1

SUSE-SU-2023:0735-1

SUSE-SU-2023:0871-1

Affected Products

Alt Linux

Astra Linux

Centos

Debian

Red Hat

Suse

PT-2023-2767 · Go+6 · Go+6

CVE-2023-24532

Weakness Enumeration

Related Identifiers

Affected Products

References · 55