Astra Linux - уязвимость в golang-1.19

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return incorrect results if called with certain specific unreduced scalars scalars that are larger than the order of the curve. This does not affect the usage of crypto/ecdsa or crypto/ecdh...

EUVD-2023-28550

Malicious code in bioql PyPI...

BIT-GOLANG-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an incorrect result in the ScalarMult and ScalarBaseMult methods in Golang Go (CVE-2023-24532)

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an incorrect result in the ScalarMult and ScalarBaseMult methods in Golang Go with an unknown impact and attack vector.CVE-2023-24532. Golang Go is included in the operators used by our...

Security Bulletin: Operations Dashboard is vulnerable to unspecified errors due to Go (CVE-2023-24532)

Summary Operations Dashboard is vulnerable to unspecified errors due to Go CVE-2023-24532 with details below. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go ha...

Security Bulletin: IBM Event Streams is affected by vulnerabilities in Golang Go (CVE-2022-41724, CVE-2023-24532)

Summary These security vulnerabilities affect Golang Go that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handsha...

The vulnerability of the ScalarMult and ScalarBaseMult methods in the Go programming language allows attackers to compromise the integrity of the protected information.

The vulnerability of the ScalarMult and ScalarBaseMult methods in the Go programming language is related to incorrect calculations. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

Code injection

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVE-2023-24532

CVE-2023-24532 involves the ScalarMult and ScalarBaseMult methods on the Go golang P256 curve. The vulnerability can yield an incorrect result when invoked with certain unreduced scalars larger than the curve order. The issue does not affect usages of crypto/ecdsa or crypto/ecdh. Public advisorie...

CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

GO-2023-1621 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

Allocation of Resources Without Limits or Throttling

Overview std/crypto/internal/nistec is a Go standard library package std/crypto/internal/nistec Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: in the ScalarMult or ScalarBaseMult process when provided with certain...

FreeBSD : go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results (742279d6-bdbe-11ed-a179-2b68e9d12706)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 742279d6-bdbe-11ed-a179-2b68e9d12706 advisory. - The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The...

go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve...

GO-2022-0435 Panic due to large inputs affecting P-256 curves in crypto/elliptic

A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or P256.ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected...

CVE-2022-28327

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...