The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
Weakness
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go | Golang | * | 1.19.7 (excluding) |
| Go | Golang | 1.20.0 (including) | 1.20.2 (excluding) |
| MTA-6.2-RHEL-9 | RedHat | mta/mta-hub-rhel9:6.2.0-16 | * |
| OADP-1.1-RHEL-8 | RedHat | oadp/oadp-velero-rhel8:1.1.6-7 | * |
| OSSO-1.1-RHEL-8 | RedHat | openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-30 | * |
| Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8080020230517172404.6b4b45d8 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.19.9-2.el9_2 | * |
| Red Hat Migration Toolkit for Containers 1.7 | RedHat | rhmtc/openshift-velero-plugin-rhel8:v1.7.12-1 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-agent:1.3.0-10 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-downloader:1.3.0-11 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-operator:1.3.0-9 | * |
| Red Hat OpenStack Platform 16.2 | RedHat | rhosp-rhel8/osp-director-operator-bundle:1.3.0-19 | * |
| RHODF-4.15-RHEL-9 | RedHat | odf4/cephcsi-rhel9:v4.15.0-37 | * |
| RODOO-1.0-RHEL-8 | RedHat | run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30 | * |
| STF-1.5-RHEL-8 | RedHat | stf/prometheus-webhook-snmp-rhel8:1.5.2-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/service-telemetry-operator-bundle:1.5.1697612918-1 | * |
| STF-1.5-RHEL-8 | RedHat | stf/service-telemetry-rhel8-operator:1.5.1-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/sg-bridge-rhel8:1.5.0-18 | * |
| STF-1.5-RHEL-8 | RedHat | stf/sg-core-rhel8:5.1.1-8 | * |
| STF-1.5-RHEL-8 | RedHat | stf/smart-gateway-operator-bundle:5.0.1697612918-1 | * |
| STF-1.5-RHEL-8 | RedHat | stf/smart-gateway-rhel8-operator:5.0.1-9 | * |
| Golang | Ubuntu | trusty | * |
| Golang | Ubuntu | xenial | * |
| Golang-1.10 | Ubuntu | bionic | * |
| Golang-1.10 | Ubuntu | trusty | * |
| Golang-1.10 | Ubuntu | trusty/esm | * |
| Golang-1.10 | Ubuntu | xenial | * |
| Golang-1.13 | Ubuntu | bionic | * |
| Golang-1.13 | Ubuntu | focal | * |
| Golang-1.13 | Ubuntu | kinetic | * |
| Golang-1.13 | Ubuntu | xenial | * |
| Golang-1.14 | Ubuntu | focal | * |
| Golang-1.16 | Ubuntu | bionic | * |
| Golang-1.16 | Ubuntu | focal | * |
| Golang-1.16 | Ubuntu | trusty | * |
| Golang-1.16 | Ubuntu | xenial | * |
| Golang-1.17 | Ubuntu | trusty | * |
| Golang-1.17 | Ubuntu | xenial | * |
| Golang-1.18 | Ubuntu | bionic | * |
| Golang-1.18 | Ubuntu | focal | * |
| Golang-1.18 | Ubuntu | trusty | * |
| Golang-1.18 | Ubuntu | xenial | * |
| Golang-1.6 | Ubuntu | trusty | * |
| Golang-1.6 | Ubuntu | xenial | * |
| Golang-1.8 | Ubuntu | bionic | * |
| Golang-1.9 | Ubuntu | bionic | * |
Potential Mitigations
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Related Attack Patterns
References
- https://go.dev/cl/471255
- https://go.dev/issue/58647
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://pkg.go.dev/vuln/GO-2023-1621
- https://go.dev/cl/471255
- https://go.dev/issue/58647
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://pkg.go.dev/vuln/GO-2023-1621
- https://security.netapp.com/advisory/ntap-20230331-0011/