Vulnerability Report: GO-2023-1595
- CVE-2023-24533, GHSA-f6hc-9g49-xmx7
- Affects: filippo.io/nistec
- Published: Feb 28, 2023
- Modified: Jun 12, 2023
Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.
Affected Packages
-
PathVersionsSymbols
-
before v0.0.2
Aliases
References
- https://go.dev/issue/58647
- https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
- https://vuln.go.dev/ID/GO-2023-1595.json
Credits
- Guido Vranken via the Ethereum Foundation bug bounty program
Feedback
See anything missing or incorrect?
Suggest an edit to this report.