Go Standard Library Crypto Internal Nistec vulnerabilities
2 known vulnerabilities affecting go_standard_library/crypto_internal_nistec.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-22866MEDIUMCVSS 4.0fixed in 1.22.12≥ 1.23.0-0, < 1.23.6+1 more2025-02-06
CVE-2025-22866 [MEDIUM] CVE-2025-22866: Due to the usage of a variable time instruction in the assembly implementation of an internal functi
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
cvelistv5nvd
CVE-2023-24532MEDIUMCVSS 5.3fixed in 1.19.7≥ 1.20.0-0, < 1.20.22023-03-08
CVE-2023-24532 [MEDIUM] CWE-682 CVE-2023-24532: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
cvelistv5nvd