CVE-2023-1732 - Vulnerability Details - OpenCVE

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.

The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00192.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cloudflare	Circl

Configuration 1 [-]

cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*

No data.

No data.

References

Link	Providers
https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x

History

Mon, 27 Jan 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2023-05-10T11:41:53.902Z

Updated: 2025-01-27T18:32:25.797Z

Reserved: 2023-03-30T15:16:57.957Z

Link: CVE-2023-1732

Vulnrichment

Updated: 2024-08-02T05:57:24.987Z

NVD

Status : Modified

Published: 2023-05-10T12:15:10.523

Modified: 2024-11-21T07:39:47.283

Link: CVE-2023-1732

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1732", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2023-03-30T15:16:57.957Z", "datePublished": "2023-05-10T11:41:53.902Z", "dateUpdated": "2025-01-27T18:32:25.797Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/cloudflare/circl", "defaultStatus": "unaffected", "platforms": ["Go"], "product": "CIRCL", "vendor": "Cloudflare", "versions": [{"lessThan": "<1.3.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tom Thorogood"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether <code>crypto/rand.Read()</code> returns an error. In rare deployment cases (error thrown by the <code>Read()</code> function), this could lead to a predictable shared secret.</p><p>The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides <code>crypto/rand.Reader</code>, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.</p>"}], "value": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()\u00a0returns an error. In rare deployment cases (error thrown by the Read()\u00a0function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n"}], "impacts": [{"capecId": "CAPEC-620", "descriptions": [{"lang": "en", "value": "CAPEC-620 Drop Encryption Level"}]}, {"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-05-10T11:41:53.902Z"}, "references": [{"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"}], "source": {"discovery": "EXTERNAL"}, "title": "Improper random reading in CIRCL", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.987Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-27T18:32:18.233703Z", "id": "CVE-2023-1732", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T18:32:25.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.987Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T18:32:18.233703Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T18:32:21.977Z"}}], "cna": {"title": "Improper random reading in CIRCL", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tom Thorogood"}], "impacts": [{"capecId": "CAPEC-620", "descriptions": [{"lang": "en", "value": "CAPEC-620 Drop Encryption Level"}]}, {"capecId": "CAPEC-20", "descriptions": [{"lang": "en", "value": "CAPEC-20 Encryption Brute Forcing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloudflare", "product": "CIRCL", "versions": [{"status": "affected", "version": "0", "lessThan": "<1.3.3", "versionType": "semver"}], "platforms": ["Go"], "collectionURL": "https://github.com/cloudflare/circl", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()\u00a0returns an error. In rare deployment cases (error thrown by the Read()\u00a0function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether <code>crypto/rand.Read()</code> returns an error. In rare deployment cases (error thrown by the <code>Read()</code> function), this could lead to a predictable shared secret.</p><p>The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides <code>crypto/rand.Reader</code>, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-05-10T11:41:53.902Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1732", "state": "PUBLISHED", "dateUpdated": "2025-01-27T18:32:25.797Z", "dateReserved": "2023-03-30T15:16:57.957Z", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "datePublished": "2023-05-10T11:41:53.902Z", "assignerShortName": "cloudflare"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*", "matchCriteriaId": "39A6B412-BB17-403E-B83A-FCFAD155C1B9", "versionEndExcluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()\u00a0returns an error. In rare deployment cases (error thrown by the Read()\u00a0function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n"}], "id": "CVE-2023-1732", "lastModified": "2024-11-21T07:39:47.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "cna@cloudflare.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T12:15:10.523", "references": [{"source": "cna@cloudflare.com", "tags": ["Vendor Advisory"], "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-755"}], "source": "cna@cloudflare.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}