CLEANSTART-2026-WG17155 CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs
Multiple security vulnerabilities affect the atlantis package. The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. See references for individual vulnerability details...
Linux Distros Unpatched Vulnerability : CVE-2026-1229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete...
Incorrect Calculation
Overview: Affected versions of this package are vulnerable to Incorrect Calculation in the CombinedMult function, for certain specific inputs on which incomplete addition is not defined. Remediation: Upgrade github.com/cloudflare/circl/ecc/p384 to version 1.6.3 or higher. References: - GitHub Commit...
UBUNTU-CVE-2026-1229
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...
PT-2026-21672
Name of the Vulnerable Software and Affected Versions: circl versions prior to 1.6.3. Description: The CombinedMult function within the ecc/p384 package (secp384r1 curve) calculates an incorrect value for certain inputs. This issue does not affect ECDH and ECDSA signing operations that rely on this...
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
...
SUSE-SU-2025:20406-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 on PPC arch (bsc#1240366) - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: update to NSS 3.101.2 ChaChaXor to return after the function update to NSS 3.101.1 missing sqlite header. GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101 add diagnostic assertions for SFTKObject refcount. freeing...
nss security update
3.90.0-6fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 (Orabug: 35862190) - Update FIPS module name for Oracle Linux (Orabug: 35862190) 3.90.0-6 - Fix ecc DER wrapping. 3.90.0-5 - Pick up validated constant time implementations of p256, p384, and p521 from upstream - Mo...
PT-2024-22991 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL, affected versions not specified. Description: The issue is related to a possible out-of-bounds (OOB) read in the asn1_ec_pkey_parse_p384 function of asn1_common.c due to a missing null check. This could lead to local information disclosu...
Google Pixel security vulnerability
Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing null check in the asn1_ec_pkey_parse_p384 function of the asn1_common.c file, which could lead to out-of-bounds reads...
CLSA-2023-1676571183 Update of nss
Update to CKBI 2.60 from NSS 3.86 - Added: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "Certainly Root E1" - Certificate "Certainly Root R1" - Certificate "DigiCert SMIME ECC P384 Root G5" - Certificate "DigiCert SMIME RSA4096 Root G5" - Certificate...
AZL-79018 CVE-2019-6486 affecting package golang 1.25.7-1
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks...
nettle: miscalculations on secp384 curve
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors...
DEBIAN-CVE-2011-4354
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...