CVE-2023-24532

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-24532

Severity

Unknown

Description

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

References

https://images.chainguard.dev/security/CGA-qvgr-xhj6-p2jj
https://github.com/advisories/GHSA-x2w5-7wp4-5qff
https://images.chainguard.dev/security/CGA-cw65-5848-957q
https://images.chainguard.dev/security/CGA-3cw4-qg56-2rf8
https://images.chainguard.dev/security/CGA-c8wm-x8rf-fp5j
https://images.chainguard.dev/security/CGA-cpjj-34j2-332p
https://images.chainguard.dev/security/CGA-4vp6-p5v2-vv32
https://security.netapp.com/advisory/ntap-20230331-0011/
https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
https://go.dev/cl/471255
https://go.dev/issue/58647
https://pkg.go.dev/vuln/GO-2023-1621
https://security-tracker.debian.org/tracker/CVE-2023-24532

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-24532

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources