CLEANSTART-2026-WH33500 CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs

Multiple security vulnerabilities affect the atlantis-fips package. The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. See references for individual vulnerability details...

CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

CVE-2026-1229

The CVE-2026-1229 issue concerns the CIRCL library’s secp384r1 implementation (CIRCL ecc/p384) where CombinedMult could yield an incorrect value for specific inputs. The root cause is fixed by using complete addition formulas in the library. Affected operations include ECDH and ECDSA signing on t...

PT-2026-21672

Name of the Vulnerable Software and Affected Versions circl versions prior to 1.6.3 Description The CombinedMult function within the ecc/p384 package secp384r1 curve calculates an incorrect value for certain inputs. This issue does not affect ECDH and ECDSA signing operations that rely on this...