[ALPINE:CVE-2023-24532] go vulnerability

Severity Medium

Affected Packages 22

Fixed Packages 22

CVEs 1

[From CVE-2023-24532] The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

Package	Affected Version
pkg:apk/alpine/go?arch=x86_64&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=riscv64&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.17	< 1.19.7-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-edge	< 1.20.2-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.18	< 1.20.2-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.17	< 1.19.7-r0

Package	Fixed Version
pkg:apk/alpine/go?arch=x86_64&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=x86&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=s390x&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=riscv64&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=armv7&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=armhf&distro=alpine-3.17	= 1.19.7-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-edge	= 1.20.2-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.18	= 1.20.2-r0
pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.17	= 1.19.7-r0

ID

ALPINE:CVE-2023-24532

Severity

medium

Severity from

CVE-2023-24532

URL

https://security.alpinelinux.org/vuln/CVE-2023-24532

Published

2023-03-08T20:15:09
(18 months ago)

Modified

2023-03-08T20:15:09
(18 months ago)

Rights

Alpine Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Fixed	pkg:apk/alpine/go?arch=x86_64&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	x86_64
Affected	pkg:apk/alpine/go?arch=x86_64&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	x86_64
Fixed	pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	x86_64
Affected	pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	x86_64
Fixed	pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	x86_64
Affected	pkg:apk/alpine/go?arch=x86_64&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	x86_64
Fixed	pkg:apk/alpine/go?arch=x86&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	x86
Affected	pkg:apk/alpine/go?arch=x86&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	x86
Fixed	pkg:apk/alpine/go?arch=x86&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	x86
Affected	pkg:apk/alpine/go?arch=x86&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	x86
Fixed	pkg:apk/alpine/go?arch=x86&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	x86
Affected	pkg:apk/alpine/go?arch=x86&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	x86
Fixed	pkg:apk/alpine/go?arch=s390x&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	s390x
Affected	pkg:apk/alpine/go?arch=s390x&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	s390x
Fixed	pkg:apk/alpine/go?arch=s390x&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	s390x
Affected	pkg:apk/alpine/go?arch=s390x&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	s390x
Fixed	pkg:apk/alpine/go?arch=s390x&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	s390x
Affected	pkg:apk/alpine/go?arch=s390x&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	s390x
Fixed	pkg:apk/alpine/go?arch=riscv64&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	riscv64
Affected	pkg:apk/alpine/go?arch=riscv64&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	riscv64
Fixed	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	ppc64le
Affected	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	ppc64le
Fixed	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	ppc64le
Affected	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	ppc64le
Fixed	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	ppc64le
Affected	pkg:apk/alpine/go?arch=ppc64le&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	ppc64le
Fixed	pkg:apk/alpine/go?arch=armv7&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	armv7
Affected	pkg:apk/alpine/go?arch=armv7&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	armv7
Fixed	pkg:apk/alpine/go?arch=armv7&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	armv7
Affected	pkg:apk/alpine/go?arch=armv7&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	armv7
Fixed	pkg:apk/alpine/go?arch=armv7&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	armv7
Affected	pkg:apk/alpine/go?arch=armv7&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	armv7
Fixed	pkg:apk/alpine/go?arch=armhf&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	armhf
Affected	pkg:apk/alpine/go?arch=armhf&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	armhf
Fixed	pkg:apk/alpine/go?arch=armhf&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	armhf
Affected	pkg:apk/alpine/go?arch=armhf&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	armhf
Fixed	pkg:apk/alpine/go?arch=armhf&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	armhf
Affected	pkg:apk/alpine/go?arch=armhf&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	armhf
Fixed	pkg:apk/alpine/go?arch=aarch64&distro=alpine-edge	alpine	go	= 1.20.2-r0	alpine-edge	aarch64
Affected	pkg:apk/alpine/go?arch=aarch64&distro=alpine-edge	alpine	go	< 1.20.2-r0	alpine-edge	aarch64
Fixed	pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.18	alpine	go	= 1.20.2-r0	alpine-3.18	aarch64
Affected	pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.18	alpine	go	< 1.20.2-r0	alpine-3.18	aarch64
Fixed	pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.17	alpine	go	= 1.19.7-r0	alpine-3.17	aarch64
Affected	pkg:apk/alpine/go?arch=aarch64&distro=alpine-3.17	alpine	go	< 1.19.7-r0	alpine-3.17	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date