FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

Affected packages
go119 < 1.19.7
go120 < 1.20.2

Details

VuXML ID 742279d6-bdbe-11ed-a179-2b68e9d12706
Discovery 2023-02-22
Entry 2023-03-08

The Go project reports:

crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve).

References

CVE Name CVE-2023-24532
URL https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ