发布于3月6日3月6日 Members Red Hat: CVE-2023-24532: golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/08/2023 Created 09/04/2024 Added 09/03/2024 Modified 09/13/2024 Description The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. Solution(s) redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests References CVE-2023-24532 RHSA-2023:3318 RHSA-2023:3319
