Home > Vulnerability Database > CVE-2023-24532

Mend.io Vulnerability Database

CVE-2023-24532

Good to know:

Date: March 8, 2023

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

Language: Go

Severity Score

5.3

Related Resources (8)

Url: https://access.redhat.com/security/cve/CVE-2023-24532

Url: https://groups.google.com/g/golang-announce/c/3-TpUx48iQY

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-24532

Url: https://security-tracker.debian.org/tracker/CVE-2023-24532

Url: https://go.dev/issue/58647

Url: https://pkg.go.dev/vuln/GO-2023-1621

Url: https://go.dev/cl/471255

Url: https://www.mend.io/vulnerability-database/CVE-2023-24532

Severity Score

5.3

Weakness Type (CWE)

Incorrect Calculation

CWE-682

Top Fix

Upgrade Version

Upgrade to version go1.20.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-24532

Good to know:

Date: March 8, 2023

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?