2 matches found
CVE-2023-1732
CVE-2023-1732 concerns CIRCL (Cloudflare’s Go cryptographic library) where the randomness sampling for Kyber and FrodoKEM did not verify that crypto/rand.Read() succeeded. In rare deployments, Read() could return an error, making the generated shared secret potentially predictable. Additional iss...
CVE-2026-1229
The CVE-2026-1229 issue concerns the CIRCL library’s secp384r1 implementation (CIRCL ecc/p384) where CombinedMult could yield an incorrect value for specific inputs. The root cause is fixed by using complete addition formulas in the library. Affected operations include ECDH and ECDSA signing on t...