8000 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) · Issue #58647 · golang/go · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
crypto/elliptic: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) #58647
New issue
New issue
Closed
Closed
crypto/elliptic: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)#58647
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Security
Milestone
 
Go1.21
@rolandshoemaker

Description

@rolandshoemaker
rolandshoemaker
opened on Feb 22, 2023

In particular (in psuedocode)

x = 48439561293906451759052585252797914202762949526041747995844080717082404635286
y = 36134250956749795798585127919587881956611106672985015071877198253568414405109

P256().ScalarMult(x, y, 30) != P256().ScalarMult(x, y, N + 30)

Thanks to Guido Vranken for reporting this issue via the Ethereum Foundation bug
bounty program.

This is CVE-2023-24532 and Go issue https://go.dev/issue/58647 (this one).

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Security

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0