CVE-2023-24532 Vulnerability Details

  /     /     /  

CVE-2023-24532 Metadata Quick Info

CVE Published: 08/03/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Go | Vendor: Go standard library | Product: crypto/internal/nistec
Status : PUBLISHED

---

CVE-2023-24532 Description

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-682: Incorrect Calculation
Source: Go standard library

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).