Lucene search
IBMB0975717E5BDE996AB16AC3ECA372A52DC903978609DFE755AC3EA662E9B7384HistoryJun 22, 2023 - 6:34 p.m.
Security Bulletin: IBM Storage Protect Server is vulnerable to attacks due to Golang Go (CVE-2023-24532)
2023-06-2218:34:51
www.ibm.com
5
0.001 Low
EPSS
Percentile
39.4%
Summary
Golang Go is used by IBM Storage Protect Server and may be affected by this vulnerability.
Vulnerability Details
CVEID:CVE-2023-24532
**DESCRIPTION:**An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Protect Server | 8.1 |
Remediation/Fixes
| IBM Storage Protect Server Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
|---|---|---|---|
| 8.1.0.000 - 8.1.18.xxx | 8.1.19 | AIX, Linux, Windows | <https://www.ibm.com/support/pages/node/6988821> |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect | eq | 8.1 |
Related
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.7-alt1
2023-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-24532
2023-03-08 00:00:00
ibm
ibm
debiancve
debiancve
CVE-2023-24532
2023-03-08 20:15:09
veracode
veracode
Incorrect ECC Calculation
2023-03-09 11:15:16
cgr
cgr
CVE-2023-24532 vulnerabilities
2024-05-19 03:07:16
prion
prion
Code injection
2023-03-08 20:15:00
osv
osv
BIT-golang-2023-24532
2024-03-06 10:57:15
Incorrect calculation on P256 curves in crypto/internal/nistec
2023-03-08 19:30:53
CVE-2023-24532
2023-03-08 20:15:09
nessus
nessus
FreeBSD : go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results (742279d6-bdbe-11ed-a179-2b68e9d12706)
2023-03-08 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:0733-1)
2023-03-15 00:00:00
SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)
2023-03-23 00:00:00
freebsd
freebsd
go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
2023-02-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1
2024-05-21 03:38:00
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2023-24532
2023-03-08 20:15:09
cve
cve
CVE-2023-24532
2023-03-08 20:15:09
redhatcve
redhatcve
CVE-2023-24532
2023-07-17 17:11:05
wolfi
wolfi
CVE-2023-24532 vulnerabilities
2024-05-20 21:07:17
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0109)
2023-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0733-1)
2023-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0871-1)
2023-03-28 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-03-24 08:55:49
redhat
redhat
(RHSA-2023:3318) Important: go-toolset and golang security update
2023-05-25 07:36:38
(RHSA-2023:3319) Important: go-toolset:rhel8 security update
2023-05-25 07:36:40
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0362
2023-03-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0564
2023-04-06 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
amazon
amazon
Important: golang
2023-07-20 17:29:00
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
0.001 Low
EPSS
Percentile
39.4%
Related for B0975717E5BDE996AB16AC3ECA372A52DC903978609DFE755AC3EA662E9B7384