CVE-2023-49292

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49292
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49292.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-49292
Aliases
Related
Published
2023-12-05T00:15:09Z
Modified
2025-01-08T15:23:10.998373Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If the functions Encapsulate(), Decapsulate() and ECDH() can be called by an attacker, the attacker could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.

References

Affected packages

Git / github.com/ecies/go

Affected ranges

Type
GIT
Repo
https://github.com/ecies/go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7