CVE-2023-1732 Improper random reading in CIRCL

2023-05-1011:41:53

CWE-20

CWE-755

cloudflare

www.cve.org

cve-2023-1732

randomness sampling

shared secret

kyber

frodokem

error handling

deployment

predictability

tkn20

blindrsa

randomness source

blinding

plaintext integrity

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.

The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

CNA Affected

[
  {
    "collectionURL": "https://github.com/cloudflare/circl",
    "defaultStatus": "unaffected",
    "platforms": [
      "Go"
    ],
    "product": "CIRCL",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "<1.3.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]