CVE-2023-1732

2023-05-1012:15:10

CWE-755

CWE-20

cloudflare

web.nvd.nist.gov

167

cve

2023

1732

kyber

frodokem

randomness

security

vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.

The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

Affected configurations

Nvd

Node

cloudflarecirclRange<1.3.3go

VendorProductVersionCPE
cloudflarecircl*cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*

Vendor	Product	Version	CPE
cloudflare	circl	*	cpe:2.3:a:cloudflare:circl::::::go::*

CNA Affected

[
  {
    "collectionURL": "https://github.com/cloudflare/circl",
    "defaultStatus": "unaffected",
    "platforms": [
      "Go"
    ],
    "product": "CIRCL",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "<1.3.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]