2442371 – (CVE-2026-1229) CVE-2026-1229 github.com/cloudflare/circl/ecc/p384: CIRCL ecc/p384: Incorrect cryptographic calculations via specific inputs

Bug 2442371 (CVE-2026-1229) - CVE-2026-1229 github.com/cloudflare/circl/ecc/p384: CIRCL ecc/p384: Incorrect cryptographic calculations via specific inputs

Summary: CVE-2026-1229 github.com/cloudflare/circl/ecc/p384: CIRCL ecc/p384: Incorrect...

Keywords:
Status:	NEW
Alias:	CVE-2026-1229
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2442402 2442404 2442405 2442406
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-24 16:03 UTC by OSIDB Bzimport
Modified:	2026-02-24 17:05 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-24 16:03:28 UTC

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in  v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .

Note You need to log in before you can comment on or make changes to this bug.