39 matches found
FreeBSD : go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results (742279d6-bdbe-11ed-a179-2b68e9d12706)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 742279d6-bdbe-11ed-a179-2b68e9d12706 advisory. - The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The...
go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve)...
Buffer Overflow
Overview: std/crypto/elliptic is a Go standard library package. Affected versions of this package are vulnerable to Buffer Overflow (Go Vulnerability Report) via the ScalarMult process in the crypto/elliptic package on amd64 architectures. An attacker can recover secret scalar...
GO-2022-0187 Incorrect computation for P-256 curves in crypto/elliptic
The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive correct output. This leads ...
GO-2022-0435 Panic due to large inputs affecting P-256 curves in crypto/elliptic
A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or P256.ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected...
CVE-2022-28327
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scalar input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
GO-2021-0235 Incorrect operations on the P-224 curve in crypto/elliptic
The P224 Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult...
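The Go advisories above share one theme: crypto/elliptic's P-256 ScalarMult and ScalarBaseMult were given scalars they did not expect, either longer than 32 bytes (GO-2022-0435 / CVE-2022-28327, a panic) or exactly 32 bytes but not reduced modulo the curve order (the 742279d6 advisory, a wrong result). The following is an added example, not code from the Go project or from any of the advisories, showing the caller-side canonicalization a practitioner should apply before scalar multiplication: reduce the scalar modulo N, reject a zero result, and refuse input points that are not on the curve. The function names (canonicalScalar, safeScalarMult, safeScalarBaseMult, sameBaseMult) and the constructed test scalars are assumptions of this example. It uses only the standard library; crypto/elliptic's ScalarMult methods are deprecated in Go 1.21+ but still compile.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"errors"
	"fmt"
	"math/big"
)

// ErrZeroScalar is returned when a scalar is congruent to 0 modulo the
// curve order, which would map every point to the point at infinity.
var ErrZeroScalar = errors.New("scalar is zero modulo the curve order")

// canonicalScalar reduces a big-endian scalar of any length modulo the order
// N of curve and returns it as a fixed-width byte string of len(N) bytes.
// This normalises both kinds of input the advisories describe (longer than
// 32 bytes, or 32 bytes but >= N) before any point arithmetic runs.
func canonicalScalar(curve elliptic.Curve, scalar []byte) ([]byte, error) {
	n := curve.Params().N
	s := new(big.Int).SetBytes(scalar)
	s.Mod(s, n)
	if s.Sign() == 0 {
		return nil, ErrZeroScalar
	}
	size := (n.BitLen() + 7) / 8
	return s.FillBytes(make([]byte, size)), nil
}

// safeScalarBaseMult canonicalises scalar and then calls ScalarBaseMult.
func safeScalarBaseMult(curve elliptic.Curve, scalar []byte) (x, y *big.Int, err error) {
	k, err := canonicalScalar(curve, scalar)
	if err != nil {
		return nil, nil, err
	}
	x, y = curve.ScalarBaseMult(k)
	return x, y, nil
}

// safeScalarMult rejects points that are not on the curve and canonicalises
// scalar before calling ScalarMult.
func safeScalarMult(curve elliptic.Curve, px, py *big.Int, scalar []byte) (x, y *big.Int, err error) {
	if !curve.IsOnCurve(px, py) {
		return nil, nil, errors.New("point is not on the curve")
	}
	k, err := canonicalScalar(curve, scalar)
	if err != nil {
		return nil, nil, err
	}
	x, y = curve.ScalarMult(px, py, k)
	return x, y, nil
}

// sameBaseMult reports whether two scalars, possibly of different lengths
// and possibly unreduced, denote the same multiple of the base point.
func sameBaseMult(curve elliptic.Curve, a, b []byte) (bool, error) {
	ax, ay, err := safeScalarBaseMult(curve, a)
	if err != nil {
		return false, err
	}
	bx, by, err := safeScalarBaseMult(curve, b)
	if err != nil {
		return false, err
	}
	return ax.Cmp(bx) == 0 && ay.Cmp(by) == 0, nil
}

func main() {
	curve := elliptic.P256()
	n := curve.Params().N

	// Constructed inputs (assumptions of this example): a small scalar k,
	// the unreduced k+N (still 32 bytes, but larger than the order), and a
	// 40-byte scalar of the kind GO-2022-0435 describes.
	k := big.NewInt(123456789)
	kBytes := k.FillBytes(make([]byte, 32))
	kPlusN := new(big.Int).Add(k, n).Bytes()
	long := bytes.Repeat([]byte{0xff}, 40)

	same, err := sameBaseMult(curve, kBytes, kPlusN)
	fmt.Println("k and k+N agree after reduction:", same, err)

	c, err := canonicalScalar(curve, long)
	fmt.Printf("40-byte scalar reduced to %d bytes (err=%v)\n", len(c), err)

	_, err = canonicalScalar(curve, n.Bytes())
	fmt.Println("scalar equal to N rejected:", err)
}
```

The reduction is done with math/big, which is not constant time; that is acceptable for public or attacker-supplied scalars, but a private scalar should be generated already reduced rather than fixed up here.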
GHSA-2wc6-2rcj-8v76 scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...
There are unspecified vulnerabilities in sodiumoxide
sodiumoxide is a new cryptographic library for network communications. An unspecified vulnerability exists in the 'scalarmult' function in sodiumoxide 0.0.13 and earlier. No details of the vulnerability are provided at this time...
CVE-2017-1000168
sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...
CVE-2017-1000168
The CVE-2017-1000168 entry concerns sodiumoxide releases before the fix, in which the scalarmult() function accepted all-zero public keys, so the derived Diffie-Hellman shared secret was always zero regardless of the private key used; the fix rejects that class of keys. The root cause, as documented in multiple sources (e.g., rustsec and GHSA advisories),...
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by...
CVE-2017-8932
CVE-2017-8932 affects the Go standard library’s ScalarMult on the P-256 curve for amd64. The bug causes incorrect results for certain input points, enabling an adaptive attack that progressively extracts the scalar in the ScalarMult operation and can lead to a full key recovery for static ECDH as...
CVE-2017-8932
Removed by vendor...
RUSTSEC-2017-0001 scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...
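The sodiumoxide entries (CVE-2017-1000168 / RUSTSEC-2017-0001 / GHSA-2wc6-2rcj-8v76) describe a Curve25519 scalarmult that accepted an all-zero peer public key, for which the shared secret is zero whatever the private key. The block below is an added example, not code from sodiumoxide or from Go's crypto/ecdh, written in Go to stay in one language with the example above; it shows the check the fix added (refuse an all-zero shared secret) on top of Go's standard crypto/ecdh, which already performs that check internally and returns an error for small-order peer keys. It goes slightly beyond the advisory by also trying the encoding u = 1, another small-order point that drives the output to zero. The function names (sharedSecret, agree, smallOrderU), the error value and the constructed keys are assumptions of this example; crypto/ecdh requires Go 1.20 or later.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrDegenerateKey is returned when the peer's public key drives the shared
// secret to the all-zero string. Every small-order point does this, so the
// peer can predict the "secret" without learning our private key, and any
// protocol keyed from it is broken.
var ErrDegenerateKey = errors.New("x25519: degenerate peer public key")

// sharedSecret runs X25519 against peerPub and refuses an all-zero result,
// the check the sodiumoxide fix added. crypto/ecdh already rejects low-order
// points inside ECDH; the explicit constant-time comparison afterwards is the
// defensive pattern to keep when wrapping a library that does not.
func sharedSecret(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrDegenerateKey, err)
	}
	zero := make([]byte, len(secret))
	if subtle.ConstantTimeCompare(secret, zero) == 1 {
		return nil, ErrDegenerateKey
	}
	return secret, nil
}

// agree performs both sides of an honest exchange and reports whether the
// two parties derived the same non-degenerate secret.
func agree(alice, bob *ecdh.PrivateKey) (bool, error) {
	sa, err := sharedSecret(alice, bob.PublicKey().Bytes())
	if err != nil {
		return false, err
	}
	sb, err := sharedSecret(bob, alice.PublicKey().Bytes())
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(sa, sb) == 1, nil
}

// smallOrderU returns constructed encodings of the two simplest small-order
// Curve25519 points: u = 0 (the all-zero key of the advisory, order 2) and
// u = 1 (order 4). Both yield an all-zero X25519 output for any scalar.
func smallOrderU() [][]byte {
	zero := make([]byte, 32)
	one := make([]byte, 32)
	one[0] = 1 // little-endian encoding of u = 1
	return [][]byte{zero, one}
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)

	ok, err := agree(alice, bob)
	fmt.Println("honest exchange agrees:", ok, err)

	for _, u := range smallOrderU() {
		_, err := sharedSecret(alice, u)
		fmt.Printf("peer key %x...: %v\n", u[:4], err)
	}
}
```

The same output-is-zero test applies to any X25519 implementation; rejecting the known small-order encodings up front is a weaker substitute, because the check on the result also catches the encodings of those points that are not reduced modulo p.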