Bug 2371624 (CVE-2025-8556, GHSA-2x5j-vhc8-9cwm)

Summary: CVE-2025-8556 github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: low
Priority: low
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Bug Depends On: 2386285, 2386288, 2386290, 2386291, 2386292, 2386293, 2386294, 2386295, 2386298, 2386300, 2386302, 2386303, 2386304, 2386305, 2386306, 2386307, 2386308, 2386312, 2386281, 2386282, 2386283, 2386284, 2386286, 2386287, 2386289, 2386296, 2386297, 2386299, 2386301, 2386309, 2386310, 2386311    

Description OSIDB Bzimport 2025-06-11 00:01:15 UTC
### Impact
The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security.

Moreover, incorrect point validation in ScalarMult can lead to incorrect results in the isEqual function and in the check of whether a point is on the curve.
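
The public-point validation that the advisory describes as missing, as an added stand-alone Python illustration (this is not CIRCL's code or API; the prime p = 2^127 - 1, the constant d and the cofactor 392 are FourQ's published parameters, while the function names and the sample points are constructed for this example):

```python
P = 2**127 - 1           # FourQ base field prime; GF(p^2) elements are (a, b) = a + b*i, i^2 = -1
COFACTOR = 392           # #E = 392 * N with N prime; low-order points are those with [392]P = O
D = (4205857648805777768770, 125317048443780598345676279555970305165)   # curve constant d
ZERO, ONE = (0, 0), (1, 0)
IDENTITY = (ZERO, ONE)   # neutral element (0, 1) of -x^2 + y^2 = 1 + d*x^2*y^2

def fadd(u, v): return ((u[0] + v[0]) % P, (u[1] + v[1]) % P)
def fsub(u, v): return ((u[0] - v[0]) % P, (u[1] - v[1]) % P)
def fmul(u, v): return ((u[0]*v[0] - u[1]*v[1]) % P, (u[0]*v[1] + u[1]*v[0]) % P)
def finv(u):             # (a + bi)^-1 = (a - bi) / (a^2 + b^2)
    n = pow((u[0]*u[0] + u[1]*u[1]) % P, P - 2, P)
    return (u[0]*n % P, -u[1]*n % P)

def on_curve(pt):
    x2, y2 = fmul(pt[0], pt[0]), fmul(pt[1], pt[1])
    return fsub(y2, x2) == fadd(ONE, fmul(D, fmul(x2, y2)))

def add(p, q):           # complete affine addition for a = -1 (d is a non-square in GF(p^2))
    (x1, y1), (x2, y2) = p, q
    xx, yy = fmul(x1, x2), fmul(y1, y2)
    t = fmul(D, fmul(xx, yy))
    x3 = fmul(fadd(fmul(x1, y2), fmul(y1, x2)), finv(fadd(ONE, t)))
    y3 = fmul(fadd(yy, xx), finv(fsub(ONE, t)))
    return (x3, y3)

def scalar_mult(k, pt):  # plain double-and-add; not constant-time, illustration only
    r = IDENTITY
    while k:
        if k & 1:
            r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def validate_public_point(pt):
    # Reject points off the curve and points of small order (those the cofactor kills).
    return on_curve(pt) and scalar_mult(COFACTOR, pt) != IDENTITY

def shared_secret(secret, peer_pub):
    # DH with validation: None instead of a forced or predictable shared point.
    if not validate_public_point(peer_pub):
        return None
    s = scalar_mult(secret, peer_pub)
    return None if s == IDENTITY else s

# Constructed low-order points (they satisfy the curve equation since x*y = 0):
ORDER2 = (ZERO, (P - 1, 0))    # (0, -1): order 2
ORDER4 = ((0, 1), ZERO)        # (i, 0): order 4, doubles to (0, -1)
```

Without the validation, an even secret multiplied into ORDER2 yields the identity and an odd one yields ORDER2 itself, so the peer learns a bit of the secret and the session key is predictable; with it, such inputs are refused.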


### Patches
Version 1.6.1 (https://github.com/cloudflare/circl/tree/v1.6.1) mitigates the identified issues.

We acknowledge Alon Livne (Botanica Software Labs) for the reported findings.