x/vulndb: potential Go vuln in filippo.io/nistec: GHSA-f6hc-9g49-xmx7

[GoVulnBot]

In GitHub Security Advisory GHSA-f6hc-9g49-xmx7, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
filippo.io/nistec	0.0.2	< 0.0.2

Cross references:

• CVE-2023-24533 appears in issue x/vulndb: Go vuln in filippo.io/nistec #1595
• Module filippo.io/nistec appears in issue x/vulndb: Go vuln in filippo.io/nistec #1595

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: filippo.io/nistec
    versions:
      - fixed: 0.0.2
    packages:
      - package: filippo.io/nistec
description: |-
    Multiplication of certain unreduced P-256 scalars produce incorrect results.

    There are no protocols known at this time that can be attacked due to this.

    From the fix commit notes:

    Unlike the rest of nistec, the P-256 assembly doesn't use complete
    addition formulas, meaning that p256PointAdd[Affine]Asm won't return the
    correct value if the two inputs are equal.

    This was (undocumentedly) ignored in the scalar multiplication loops
    because as long as the input point is not the identity and the scalar is
    lower than the order of the group, the addition inputs can't be the same.

    As part of the math/big rewrite, we went however from always reducing
    the scalar to only checking its length, under the incorrect assumption
    that the scalar multiplication loop didn't require reduction.
cves:
  - CVE-2023-24533
ghsas:
  - GHSA-f6hc-9g49-xmx7
references:
  - fix: https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244
  - report: https://go.dev/issue/58647
  - web: https://pkg.go.dev/vuln/GO-2023-1595
  - advisory: https://github.com/advisories/GHSA-f6hc-9g49-xmx7

[zpavlinovic]

Duplicate of #1595