VDB

RHSA-2023%3A5947

RHSA-2023%3A5947 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Red Hatrun-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 as a component of RODOO 1.0 for RHEL 8run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64, *, *
Red Hatrun-once-duration-override-operator
Red Hatrun-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 as a component of RODOO 1.0 for RHEL 8run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64, *, run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64
Red Hatrun-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 as a component of RODOO 1.0 for RHEL 8*, *, run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64
Red Hatrun-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 as a component of RODOO 1.0 for RHEL 8*, *, run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64
Red Hatrun-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 as a component of RODOO 1.0 for RHEL 8*, run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64, run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64
Red Hatrun-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 as a component of RODOO 1.0 for RHEL 8run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64, *, *

Timeline

  • Oct 26, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›