csaf_redhat - rhsa-2023

rhsa-2023_4892

Vulnerability from csaf_redhat

Published

2023-08-31 00:59

Modified

2024-11-14 00:06

Summary

Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

Notes

Topic

The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.7.12 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:4892",
        "url": "https://access.redhat.com/errata/RHSA-2023:4892"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2223355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4892.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-14T00:06:08+00:00",
      "generator": {
        "date": "2024-11-14T00:06:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2023:4892",
      "initial_release_date": "2023-08-31T00:59:09+00:00",
      "revision_history": [
        {
          "date": "2023-08-31T00:59:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-08-31T00:59:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T00:06:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.7",
                "product": {
                  "name": "8Base-RHMTC-1.7",
                  "product_id": "8Base-RHMTC-1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
                  "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
                  "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.12-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
                  "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.12-1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24532",
      "cwe": {
        "id": "CWE-682",
        "name": "Incorrect Calculation"
      },
      "discovery_date": "2023-07-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2223355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:064fda52e67ca2a5952a3c5907610cd2dc169d2ffe075d4ffac61693f401caf1_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:cd222d1a89927006d230dc522e1d3bd8e8356d9bb8a25d25978c5e760d9777eb_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:0af41bcdfc3104b6a661a6d79ec600f8d9b50fd8de8ff6d0e08234d5cfda433c_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:cf8a0acc5f6fb258c28f0ef6af05eb4ba50e584ff0f703561f50aabae65339b5_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:364e6ff8859bb4ea51766eff27c2974f97616336d2cd8ff4affdb40d7c10a14c_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:ff7ed533c04b343eb3b1562d7bcf81b2ab44df557b3798f25af7ec371632f7e4_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9f82a2133d2b33b25f6c99c9a83cf69d636509d33ff636748cf1709aee215d6e_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:e8454672c63475813af0e3d114d80b8c07fc686041fbec16850dafae365b6346_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:e0d836ccd0051f5e66d2db838683c9b718be7d86f9d197affab50513a0a33fae_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7eb1d3af9e38920284e5f884add7d924c26e19527a93410ba0caebc60610f993_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4abcda42d46c19f4832eeb5ba6a828e7b46c47ffa7b435c1bb3c73621e7041e7_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:b156f8b4d347068175cf8e63dd4ae5f996fd2da37583b3af78a17566f6ae799c_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:cb614daf5d4b563af636e94cf5569ccc6623bcccc2f7471f45573539ed37b164_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:84b6e44c5e878eba056a95832f34581ec54690dcbc9b8a2e1b416dd426a4e4ad_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:65b9f6be2c592306373daa8cdcbf5f791a674ae62198a87e4d608308272d74b7_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:2d5d1c7723833c83089c61835a8697e5af6bf2e8f16ae21f1a046e8b5e701649_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24532"
        },
        {
          "category": "external",
          "summary": "RHBZ#2223355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/471255",
          "url": "https://go.dev/cl/471255"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/58647",
          "url": "https://go.dev/issue/58647"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
          "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1621",
          "url": "https://pkg.go.dev/vuln/GO-2023-1621"
        }
      ],
      "release_date": "2023-03-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-31T00:59:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4892"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:60a25312b943e5f6dba5610817c98bdfbc297e60d53742559285174ebecf2a57_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
    }
  ]
}

cve-2023-24532

Vulnerability from cvelistv5

Published

2023-03-08 19:40

Modified

2024-08-02 10:56

Severity ?

Summary

Incorrect calculation on P256 curves in crypto/internal/nistec

References

▼	URL	Tags
	https://go.dev/issue/58647
	https://go.dev/cl/471255
	https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
	https://pkg.go.dev/vuln/GO-2023-1621

Impacted products

▼	Vendor	Product
	Go standard library	crypto/internal/nistec

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/58647"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/471255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1621"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T15:58:31.679478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T15:58:40.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/internal/nistec",
          "product": "crypto/internal/nistec",
          "programRoutines": [
            {
              "name": "P256Point.ScalarBaseMult"
            },
            {
              "name": "P256Point.ScalarMult"
            },
            {
              "name": "P256OrdInverse"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.2",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken, via the Ethereum Foundation bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-682: Incorrect Calculation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:07:52.290Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/58647"
        },
        {
          "url": "https://go.dev/cl/471255"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1621"
        }
      ],
      "title": "Incorrect calculation on P256 curves in crypto/internal/nistec"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24532",
    "datePublished": "2023-03-08T19:40:45.425Z",
    "dateReserved": "2023-01-25T21:19:20.641Z",
    "dateUpdated": "2024-08-02T10:56:04.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted