CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html	Patch Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1859
https://bugzilla.redhat.com/show_bug.cgi?id=1455191	Issue Tracking Third Party Advisory
https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c	Issue Tracking Patch Third Party Advisory
https://github.com/golang/go/issues/20040	Third Party Advisory
https://go-review.googlesource.com/c/41070/	Vendor Advisory
https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/
http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html	Patch Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1859
https://bugzilla.redhat.com/show_bug.cgi?id=1455191	Issue Tracking Third Party Advisory
https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c	Issue Tracking Patch Third Party Advisory
https://github.com/golang/go/issues/20040	Third Party Advisory
https://go-review.googlesource.com/c/41070/	Vendor Advisory
https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go:1.8:::::::*
	cpe:2.3:a:golang:go:1.8.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*
	cpe:2.3:o:opensuse:leap:42.2:::::::*

History

No history.

Information

Published : 2017-07-06 16:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-8932

Mitre link : CVE-2017-8932

CVE.ORG link : CVE-2017-8932

JSON object : View

Products Affected

golang

novell

suse_package_hub_for_suse_linux_enterprise

fedoraproject

fedora

opensuse

leap

CWE

CWE-682

Incorrect Calculation

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-8932

5.9^/10

4.3^/10

Attach tags to `CVE-2017-8932`