CVE-2017-8932
First published: Wed May 24 2017(Updated: )
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/golang | <1.7.6 | 1.7.6 |
| redhat/golang | <1.8.2 | 1.8.2 |
| Golang | <=1.7.5 | |
| Golang | =1.8 | |
| Golang | =1.8.1 | |
| SUSE Package Hub for SUSE Linux Enterprise | =12 | |
| Fedora | =25 | |
| SUSE Linux | =42.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html
- http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html
- https://access.redhat.com/errata/RHSA-2017:1859
- https://bugzilla.redhat.com/show_bug.cgi?id=1455191
- https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c
- https://github.com/golang/go/issues/20040
- https://go-review.googlesource.com/c/41070/
- https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/
- https://golang.org/cl/41070
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1455190
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1455191
- https://bugzilla.redhat.com/show_bug.cgi?id=1455189
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/
Frequently Asked Questions
What is the severity of CVE-2017-8932?
CVE-2017-8932 has been assigned a high severity rating due to the potential for an adaptive attack that can compromise sensitive data.
How do I fix CVE-2017-8932?
To fix CVE-2017-8932, upgrade to Go version 1.7.6 or 1.8.2 or later.
What systems are affected by CVE-2017-8932?
CVE-2017-8932 affects Go programming language versions up to 1.7.5 and specific 1.8.x versions before 1.8.2.
What types of attacks can exploit CVE-2017-8932?
CVE-2017-8932 can be exploited through adaptive attacks targeting the ScalarMult implementation on affected systems.
Is there a workaround for CVE-2017-8932?
There is no specific workaround for CVE-2017-8932; the recommended solution is to upgrade to the fixed versions.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-8932
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/golang
- canonical/golang
- version/golang/1.7.5
- version/golang/1.8
- version/golang/1.8.1
- vendor/novell
- canonical/suse package hub for suse linux enterprise
- version/suse package hub for suse linux enterprise/12
- vendor/fedoraproject
- canonical/fedora
- version/fedora/25
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.2