Bug 2053429 (CVE-2022-23806)

Summary: CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
Product: [Other] Security Response Reporter: Vipul Nair <vinair>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abishop, adam.kaplan, agarcial, akashem, alitke, amctagga, amuller, amurdaca, anharris, anpicker, aos-bugs, aos-install, aos-network-edge-staff, aos-odin-bot, aos-storage-staff, aos-team-ota, arane, asm, bbennett, bcoca, bdettelb, bmontgom, bniver, bodavis, carangog, carl, caswilli, cmarinea, cmeyers, cnv-qe-bugs, dagray, davidn, dbecker, dbenoit, dholler, dornelas, dperaza, dwalsh, dwd, dwest, dwhatley, dymurray, eglynn, emachado, eparis, erooth, etamir, ewolinet, fdeutsch, fjansen, flucifre, gblomqui, gmeno, go-sig, gparvin, hchiramm, hvyas, ibolton, jaharrin, jakob, jarrpa, jburrell, jcajka, jcammara, jcantril, jeder, jerzhang, jhadvig, jhardy, jhrozek, jitsingh, jjoyce, jlanford, jligon, jmatthew, jmencak, jmittapa, jmontleo, jobarker, joelsmith, jokerman, jortel, jpadman, jramanat, jschluet, jwendell, jwong, jwon, kaycoth, krathod, lball, lemenkov, lhh, lhinds, link, lmadsen, lmeyer, lpeer, mabashia, madam, maszulik, matzew, mbenjamin, mburns, mfojtik, mgarciac, mhackett, mmagr, mnewsome, mrogers, mrunge, mrussell, mthoemme, nbecker, njean, nobody, notting, nstielau, obulatov, ocs-bugs, osapryki, ovanders, pahickey, pakotvan, pbhattac, pegoncal, quantum.analyst, rcernich, relrod, rfreiman, rhcos-triage, rhuss, rpetrell, rphillips, rrajasek, sabose, sanchezl, sclewis, sd-operator-metering, sdoran, sejug, sfowler, sgott, shardy, sipoyare, slaznick, slinaber, slucidi, smcdonal, sostapov, spandura, spasquie, sponnaga, spower, sseago, stcannon, stirabos, sttts, suprs, surbania, tcarlin, team-winc, tkasparek, tkral, tkuratom, tnielsen, tstellar, tsweeney, twalsh, vereddy, vkumar, whayutin, xiyuan, xxia, ypadia, ytale
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: go 1.17.7, go 1.16.14 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-11 16:15:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2063937, 2063939, 2073715, 2073716, 2053432, 2053433, 2054628, 2054668, 2054845, 2056095, 2056098, 2056102, 2056513, 2056514, 2057118, 2057120, 2058179, 2058180, 2058181, 2058182, 2058183, 2058184, 2066428, 2067552, 2068603, 2068662, 2068663, 2068664, 2068670, 2068671, 2068673, 2068803, 2068827, 2068828, 2068829, 2068836, 2080392, 2080393, 2080394, 2080395, 2080396, 2080397, 2080398, 2080399, 2080400, 2080401, 2080402, 2080403, 2080404, 2080405, 2080406, 2093366, 2093367, 2093369, 2093370, 2168805    
Bug Blocks: 2053423, 2053545    

Description Vipul Nair 2022-02-11 09:51:02 UTC 
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
Comment 1 Vipul Nair 2022-02-11 09:56:38 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2053432]
Affects: fedora-all [bug 2053433]
Comment 17 errata-xmlrpc 2022-03-28 14:15:52 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8

Via RHSA-2022:1081 https://access.redhat.com/errata/RHSA-2022:1081
Comment 24 errata-xmlrpc 2022-05-10 13:38:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1819 https://access.redhat.com/errata/RHSA-2022:1819
Comment 25 Product Security DevOps Team 2022-05-11 16:15:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23806
Comment 26 errata-xmlrpc 2022-06-01 11:46:17 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2022:4860 https://access.redhat.com/errata/RHSA-2022:4860
Comment 27 errata-xmlrpc 2022-06-01 13:59:28 UTC 
This issue has been addressed in the following products:

  Openshift Serveless 1.22

Via RHSA-2022:4863 https://access.redhat.com/errata/RHSA-2022:4863
Comment 28 errata-xmlrpc 2022-06-09 02:06:27 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8

Via RHSA-2022:4956 https://access.redhat.com/errata/RHSA-2022:4956
Comment 29 errata-xmlrpc 2022-06-13 12:33:15 UTC 
This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:5004 https://access.redhat.com/errata/RHSA-2022:5004
Comment 30 errata-xmlrpc 2022-06-13 12:44:03 UTC 
This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:5006 https://access.redhat.com/errata/RHSA-2022:5006
Comment 31 errata-xmlrpc 2022-06-27 17:03:32 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:5201 https://access.redhat.com/errata/RHSA-2022:5201
Comment 32 errata-xmlrpc 2022-06-28 17:06:00 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7

Via RHSA-2022:5392 https://access.redhat.com/errata/RHSA-2022:5392
Comment 33 errata-xmlrpc 2022-08-09 02:35:42 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875
Comment 34 errata-xmlrpc 2022-08-10 10:08:30 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11
  Ironic content for Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
Comment 37 errata-xmlrpc 2022-08-23 18:11:55 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:6094 https://access.redhat.com/errata/RHSA-2022:6094
Comment 38 errata-xmlrpc 2022-08-24 13:46:46 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
Comment 39 errata-xmlrpc 2022-09-14 19:27:29 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.11

Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
Comment 40 errata-xmlrpc 2023-01-24 13:34:18 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
Comment 44 errata-xmlrpc 2023-03-30 00:42:41 UTC 
This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529