Lucene search
PRIOn knowledge basePRION:CVE-2023-49292HistoryDec 05, 2023 - 12:15 a.m.
Code injection
2023-12-0500:15:00
PRIOn knowledge base
www.prio-n.com
3
golang
ecies
vulnerability
code injection
encapsulation
decapsulation
ecdh
secp256k1
patch
upgrade
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.
Related
veracode
veracode
Private Key Restoration
2023-12-05 06:19:08
cvelist
cvelist
osv
osv
github.com/ecies/go vulnerable to possible private key restoration
2023-12-05 23:30:56
Private key recovery via invalid curve point in github.com/ecies/go/v2
2023-12-11 15:30:30
CVE-2023-49292
2023-12-05 00:15:09
nvd
nvd
CVE-2023-49292
2023-12-05 00:15:09
alpinelinux
alpinelinux
CVE-2023-49292
2023-12-05 00:15:09
cve
cve
CVE-2023-49292
2023-12-05 00:15:09
github
github
github.com/ecies/go vulnerable to possible private key restoration
2023-12-05 23:30:56
cbl_mariner
cbl_mariner
CVE-2023-49292 affecting package golang for versions less than 1.21.6-1
2024-07-01 15:26:49