CVE-2023-24532
Published Mar 8, 2023
Last updated a year ago
Overview
- Description
- The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
- Source
- security@golang.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-682
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15520F70-C473-425F-8B9F-FAD4804D32E8", "versionEndExcluding": "1.19.7" }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE15B38-D5B0-4231-BB31-228BAF815F72", "versionEndExcluding": "1.20.2", "versionStartIncluding": "1.20.0" } ], "operator": "OR" } ] } ]