Bug 2223355 (CVE-2023-24532)

Summary: CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aazores, abenaiss, aileenc, amasferr, amctagga, aoconnor, asm, bniver, bodavis, chazlett, dbenoit, dcadzow, dfreiber, dhughes, dkenigsb, dsimansk, dymurray, eaguilar, ebaron, eglynn, ellin, emachado, eric.wittmann, fdeutsch, flucifre, gmeno, gparvin, ibolton, janstey, jburrell, jcantril, jjoyce, jkang, jkoehler, jmatthew, jmontleo, jpallich, jwendell, lball, lhh, lmadsen, matzew, mbenjamin, mburns, mgarciac, mhackett, mkudlej, mnewsome, mrunge, mwringe, nboldt, njean, nobody, oramraz, owatkins, pahickey, pantinor, peholase, periklis, pgrist, pjindal, rcernich, rhos-maint, rhuss, rjohnson, rogbas, scorneli, sfroberg, shbose, sipoyare, skontopo, slucidi, smullick, sostapov, sseago, stcannon, teagle, tjochec, tstellar, twalsh, vereddy, vkumar, whayutin
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Go 1.20.2 and Go 1.19.7 Doc Type: ---
Doc Text:
A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2223364, 2223365, 2223366, 2223368, 2223369, 2223371, 2223372, 2223373, 2223374, 2223375, 2223376, 2223367, 2223370, 2224011    
Bug Blocks: 2223394    

Description Avinash Hanwate 2023-07-17 13:16:33 UTC 
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

https://go.dev/cl/471255
https://pkg.go.dev/vuln/GO-2023-1621
https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
https://go.dev/issue/58647
Comment 1 Avinash Hanwate 2023-07-17 13:53:13 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2223364]
Affects: fedora-all [bug 2223365]
Comment 6 errata-xmlrpc 2023-08-14 01:03:05 UTC 
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627