vulnerability
FreeBSD: VID-742279D6-BDBE-11ED-A179-2B68E9D12706 (CVE-2023-24532): go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Feb 22, 2023 | Mar 9, 2023 | Jan 28, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Feb 22, 2023
Added
Mar 9, 2023
Modified
Jan 28, 2025
Description
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
Solution(s)
freebsd-upgrade-package-go119freebsd-upgrade-package-go120
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.