// For flags

CVE-2017-8932

golang: Elliptic curves carry propagation issue in x86-64 P-256

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

Un error en la implementación de la biblioteca estándar ScalarMult de curve P-256 para arquitecturas amd64 en Go anterior a versión 1.7.6 y 1.8.x anterior a versión 1.8.2, causa resultados incorrectos para ser generados por puntos de entrada específicos. Se puede montar un ataque adaptativo para extraer progresivamente la entrada scalar hacia ScalarMult mediante el envío de puntos creados y observando fallos para la salida correcta derivada. Esto conduce a un ataque de recuperación de clave completa contra ECDH estático, tal y como es usado en las bibliotecas populares JWT.

A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-15 CVE Reserved
  • 2017-07-06 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-682: Incorrect Calculation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Golang
Search vendor "Golang"
 Go
Search vendor "Golang" for product "Go"
 <= 1.7.5
Search vendor "Golang" for product "Go" and version " <= 1.7.5"
-
Affected
Golang
Search vendor "Golang"
 Go
Search vendor "Golang" for product "Go"
 1.8
Search vendor "Golang" for product "Go" and version "1.8"
-
Affected
Golang
Search vendor "Golang"
 Go
Search vendor "Golang" for product "Go"
 1.8.1
Search vendor "Golang" for product "Go" and version "1.8.1"
-
Affected
Novell
Search vendor "Novell"
 Suse Package Hub For Suse Linux Enterprise
Search vendor "Novell" for product "Suse Package Hub For Suse Linux Enterprise"
 12
Search vendor "Novell" for product "Suse Package Hub For Suse Linux Enterprise" and version "12"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 25
Search vendor "Fedoraproject" for product "Fedora" and version "25"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 42.2
Search vendor "Opensuse" for product "Leap" and version "42.2"
-
Affected