Go Crypto Randomness Check Defect Weakens Shared Secret in Kyber, FrodoKEM
CVE-2023-1732 Published on May 10, 2023
Improper random reading in CIRCL
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.
The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.
Vulnerability Analysis
CVE-2023-1732 is exploitable with local system access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Types
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
Products Associated with CVE-2023-1732
Want to know whenever a new CVE is published for CloudFlare Circl? stack.watch will email you.
Affected Versions
Cloudflare CIRCL:- Before <1.3.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.