Posted on March 6

Amazon Linux 2023: CVE-2023-24532: Important priority package update for golang

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 03/08/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025

Description

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Solution(s)

amazon-linux-2023-upgrade-golang
amazon-linux-2023-upgrade-golang-bin
amazon-linux-2023-upgrade-golang-docs
amazon-linux-2023-upgrade-golang-misc
amazon-linux-2023-upgrade-golang-race
amazon-linux-2023-upgrade-golang-shared
amazon-linux-2023-upgrade-golang-src
amazon-linux-2023-upgrade-golang-tests

References

https://attackerkb.com/topics/cve-2023-24532
CVE - 2023-24532
https://alas.aws.amazon.com/AL2023/ALAS-2023-175.html
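
For code that calls ScalarMult or ScalarBaseMult on the P256 Curve directly, the Description above implies a caller-side safeguard: reduce the scalar modulo the curve order before the call. The Go sketch below is an added example, not part of the advisory or of the Go project's code; the helper names are hypothetical, and the sample scalars are constructed values at or above the order, not the specific scalars the advisory refers to.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// reduceScalar returns k mod N as a fixed-width big-endian byte string,
// where N is the order of the curve's base point.
func reduceScalar(curve elliptic.Curve, k []byte) []byte {
	n := curve.Params().N
	r := new(big.Int).Mod(new(big.Int).SetBytes(k), n)
	return r.FillBytes(make([]byte, (n.BitLen()+7)/8))
}

// safeScalarBaseMult (hypothetical helper) reduces k before multiplying, so
// the curve code never sees a scalar at or above the group order.
func safeScalarBaseMult(curve elliptic.Curve, k []byte) (x, y *big.Int) {
	return curve.ScalarBaseMult(reduceScalar(curve, k))
}

// safeScalarMult (hypothetical helper) does the same for an arbitrary point.
func safeScalarMult(curve elliptic.Curve, px, py *big.Int, k []byte) (x, y *big.Int) {
	return curve.ScalarMult(px, py, reduceScalar(curve, k))
}

// agreesWithReduced reports whether the toolchain in use returns the same
// point for the raw scalar k as for k mod N. A false result means the
// unreduced path gave a wrong answer for this scalar.
func agreesWithReduced(curve elliptic.Curve, k []byte) bool {
	x1, y1 := curve.ScalarBaseMult(k)
	x2, y2 := safeScalarBaseMult(curve, k)
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

func main() {
	curve := elliptic.P256()
	n := curve.Params().N
	// Constructed sample scalars, both >= N and still 32 bytes long.
	samples := []*big.Int{
		new(big.Int).Add(n, big.NewInt(5)),
		new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1)),
	}
	for _, s := range samples {
		fmt.Printf("k=%x agrees=%v\n", s, agreesWithReduced(curve, s.Bytes()))
	}
}
```

Reduction in the caller does not replace the package upgrade listed under Solution(s); it only keeps direct callers independent of how the installed toolchain handles unreduced input.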