CVE-2023-24533

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GoCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
nistec_projectnistec
𝑥
< 0.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
https://go.dev/issue/58647
https://pkg.go.dev/vuln/GO-2023-1595
https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
https://go.dev/issue/58647
https://pkg.go.dev/vuln/GO-2023-1595