Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

...

Incorrect calculation on P256 curves in crypto/internal/nistec

...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

Timing Attack

Overview std/crypto/internal/nistec is a Go standard library package std/crypto/internal/nistec Affected versions of this package are vulnerable to Timing Attack. Go Vulnerability Report: due to the use of a variable time instruction in the assembly implementation of the function, a small number ...

golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecds...

CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVE-2023-24533 Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/internal/nistec is a Go standard library package std/crypto/internal/nistec Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: in the ScalarMult or ScalarBaseMult process when provided with certain...

GHSA-F6HC-9G49-XMX7 nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that...

nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that...

nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly does not use complete addition formulas, meaning that...

GO-2023-1595 Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this...