CVE-2023-49292
CVSS V2 None
CVSS V3 None
Description
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.
Overview
- CVE ID
- CVE-2023-49292
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-04T23:12:03.059Z
- Last Modified Date
- 2023-12-04T23:12:03.059Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h | x_refsource_CONFIRM |
| https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd | x_refsource_MISC |
| https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md | x_refsource_MISC |
| https://github.com/ecies/go/releases/tag/v2.0.8 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-49292 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49292 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 12:42:05 | Added to TrackCVE |