The vulnerability GHSA-2x5j-vhc8-9cwm in cloudflare/circl primarily stems from improper input validation in its FourQ elliptic curve implementation. This led to two main issues:
Diffie-Hellman Key Exchange Weakness: The Shared function in dh/curve4q/curve4Q.go did not check whether the scalar multiplication of a user-supplied public key produced the identity point (the result when the peer supplies a low-order point). An attacker could therefore provide a crafted public key that forces the shared secret to be this known identity point, compromising the session key. The patch added an explicit check for this condition (!Q.IsIdentity()).
Incorrect Elliptic Curve Point Validation: Several functions in ecc/fourq/point.go had flawed logic:
Point.Unmarshal: This function, responsible for converting a byte representation into a curve point, did not sufficiently ensure the resulting point was valid and on the curve, especially after internal adjustments. The patch refactored the validation logic to be more stringent.
pointR1.IsOnCurve: This method incorrectly validated whether a point was on the curve, particularly when the point's projective Z coordinate was zero. This could lead to invalid points being accepted.
pointR1.isEqual: This method for comparing two points for equality also mishandled cases where Z coordinates were zero, leading to incorrect comparisons.
The advisory mentions that "incorrect point validation in ScalarMult can lead to incorrect results in the isEqual function and if a point is on the curve." This means that the ScalarMult function could produce points (e.g., points with Z=0) which the then-vulnerable IsOnCurve or isEqual functions would misprocess. The fixes were applied directly to these validation and unmarshalling functions to correctly handle all cases, including those problematic points that might be output by ScalarMult or provided directly as input.
The identified vulnerable functions are those that contained the flawed logic, either by failing to perform necessary checks (as in Shared and Unmarshal) or by having incorrect validation algorithms (as in IsOnCurve and isEqual). These functions would appear in a runtime profile if the vulnerability were triggered, as they are the direct points of failure in validation.
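The three failure modes above (an on-curve check that accepts Z=0, an equality check that reports two Z=0 encodings as equal, and a DH shared-secret routine that accepts the identity) can be reproduced on a much smaller curve. The following is an added example written for this page, not code from cloudflare/circl and not FourQ: it uses a constructed twisted Edwards curve over GF(13) with a=-1 and d=2 (a is a square and d a non-square modulo 13, so the affine addition law is complete), shows a buggy and a fixed version of the projective IsOnCurve and isEqual checks side by side, and adds the identity check to a toy Shared function. All point values and scalars are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Toy twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2 over GF(p).
// Constructed parameters for illustration only (not FourQ): p = 13, a = -1, d = 2.
const (
	p int64 = 13
	a int64 = -1
	d int64 = 2
)

func mod(x int64) int64 { return ((x % p) + p) % p }

// inv returns the multiplicative inverse mod p (Fermat, p is prime).
func inv(x int64) int64 {
	x = mod(x)
	r := int64(1)
	for e := p - 2; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = mod(r * x)
		}
		x = mod(x * x)
	}
	return r
}

// Point is an affine point; the neutral element is (0, 1).
type Point struct{ X, Y int64 }

var identity = Point{0, 1}

// IsIdentity is the condition the advisory's patch checks in Shared.
func (P Point) IsIdentity() bool { return mod(P.X) == 0 && mod(P.Y) == 1 }

// IsOnCurve checks a*x^2 + y^2 == 1 + d*x^2*y^2 for an affine point.
func (P Point) IsOnCurve() bool {
	x2, y2 := mod(P.X*P.X), mod(P.Y*P.Y)
	return mod(a*x2+y2) == mod(1+d*x2*y2)
}

// Add is the unified affine twisted Edwards addition law (complete for these parameters).
func Add(P, Q Point) Point {
	xx, yy := mod(P.X*Q.X), mod(P.Y*Q.Y)
	t := mod(d * xx * yy)
	x := mod(mod(P.X*Q.Y+P.Y*Q.X) * inv(1+t))
	y := mod(mod(yy-a*xx) * inv(1-t))
	return Point{x, y}
}

// ScalarMult computes k*P by left-to-right double-and-add.
func ScalarMult(k int64, P Point) Point {
	R := identity
	for i := 62; i >= 0; i-- {
		R = Add(R, R)
		if (k>>uint(i))&1 == 1 {
			R = Add(R, P)
		}
	}
	return R
}

// ProjPoint is (X:Y:Z) with x = X/Z, y = Y/Z; a valid encoding always has Z != 0.
type ProjPoint struct{ X, Y, Z int64 }

// IsOnCurveBuggy homogenises the curve equation but never rules out Z == 0,
// so (0:1:0) satisfies 0 == 0 and is wrongly accepted.
func (P ProjPoint) IsOnCurveBuggy() bool {
	x2, y2, z2 := mod(P.X*P.X), mod(P.Y*P.Y), mod(P.Z*P.Z)
	return mod((a*x2+y2)*z2) == mod(z2*z2+d*x2*y2)
}

// IsOnCurveFixed rejects Z == 0 before evaluating the equation.
func (P ProjPoint) IsOnCurveFixed() bool {
	if mod(P.Z) == 0 {
		return false
	}
	return P.IsOnCurveBuggy()
}

// IsEqualBuggy cross-multiplies; when both Z are 0 every product is 0, so any two
// such encodings compare equal regardless of X and Y.
func (P ProjPoint) IsEqualBuggy(Q ProjPoint) bool {
	return mod(P.X*Q.Z) == mod(Q.X*P.Z) && mod(P.Y*Q.Z) == mod(Q.Y*P.Z)
}

// IsEqualFixed treats a Z == 0 operand as invalid rather than comparing it.
func (P ProjPoint) IsEqualFixed(Q ProjPoint) bool {
	if mod(P.Z) == 0 || mod(Q.Z) == 0 {
		return false
	}
	return P.IsEqualBuggy(Q)
}

// Shared derives a DH secret: validate the peer's point, then reject an identity result.
func Shared(secret int64, peerPub Point) (Point, error) {
	if !peerPub.IsOnCurve() {
		return identity, errors.New("peer public key is not on the curve")
	}
	S := ScalarMult(secret, peerPub)
	if S.IsIdentity() {
		return identity, errors.New("shared secret is the identity point")
	}
	return S, nil
}

func main() {
	G := Point{2, 4} // constructed generator of the 16-element group
	fmt.Println(G.IsOnCurve(), ScalarMult(2, G))
	bad := ProjPoint{0, 1, 0}
	fmt.Println(bad.IsOnCurveBuggy(), bad.IsOnCurveFixed())
	_, err := Shared(4, Point{0, 12}) // (0,-1) has order 2; an even secret lands on the identity
	fmt.Println(err)
}
```

The point (0,-1) on this curve has order 2, so an even secret multiplied by it gives the identity, which the fixed Shared rejects; an odd secret returns (0,-1) itself, which the identity check alone does not catch. That is why on-curve validation of the peer's point is performed first here, and why a deployment would normally also want a low-order or cofactor check rather than relying on the identity test by itself.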
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/cloudflare/circl | go | < 1.6.1 | 1.6.1 |