Description
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in v1.6.3: https://github.com/cloudflare/circl/releases/tag/v1.6.3
Published: 2026-02-24
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Incorrect calculation in the ecc/p384 CombinedMult function on the secp384r1 curve
Action: Apply Update
AI Analysis

Impact

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. While ECDH and ECDSA signing that rely on this curve are not impacted, an erroneous calculation in CombinedMult could compromise any operation that uses this routine, potentially leading to data integrity or authentication failures.

Affected Systems

Affected systems include any applications that incorporate Cloudflare's CIRCL cryptographic library, specifically versions of the ecc/p384 implementation prior to v1.6.3. The bug was fixed in CIRCL version 1.6.3, so all earlier versions are vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 2.9, indicating low severity, and an EPSS score of less than 1%, reflecting a very low likelihood of exploitation. It is not listed in CISA's KEV catalog. No direct attack vector is documented; exploitation would likely require an attacker to supply inputs that trigger the incorrect computation and rely on the consumer of CombinedMult to misinterpret the result. Consequently, the immediate risk to systems remains minimal but warrants patching to eliminate potential integrity issues.

Generated by OpenCVE AI on April 17, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the CIRCL library to version 1.6.3 or later to apply the fixed CombinedMult implementation.
  • Verify that any code paths or services in your application that originally invoked CombinedMult are functioning with the updated library and are not impacted by the bug.
  • Observe application behavior after the upgrade to ensure no residual data integrity or authentication anomalies appear, and monitor for future advisories.
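
The first recommended action can be checked mechanically. The Go program below is an added example (not part of the advisory, and not CIRCL or OpenCVE code) that scans go.mod text for the CIRCL requirement and flags versions below v1.6.3. The module path comes from the release URL in the description; the function names and the sample go.mod are constructed for illustration, and replace directives are not resolved.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path from the release URL on the page; v1.6.3 is the fixed release.
const circlModule = "github.com/cloudflare/circl"

var fixedRelease = [3]int{1, 6, 3}

// belowFix reports whether v (e.g. "v1.6.2") sorts before v1.6.3. Pre-release
// and pseudo-versions of 1.6.3 count as unfixed (a conservative assumption).
func belowFix(v string) (below, ok bool) {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if n, _ := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false, false
	}
	for i := range got {
		if got[i] != fixedRelease[i] {
			return got[i] < fixedRelease[i], true
		}
	}
	return pre, true
}

// CheckGoMod scans go.mod text for a require of CIRCL and returns the pinned
// version and whether it predates the fix. replace directives are skipped.
func CheckGoMod(gomod string) (version string, vulnerable, found bool) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != circlModule || strings.Contains(line, "=>") {
			continue
		}
		if below, ok := belowFix(f[1]); ok {
			return f[1], below, true
		}
	}
	return "", false, false
}

func main() {
	// Constructed sample go.mod, not taken from any real project.
	sample := "module example.test/app\n\nrequire (\n\tgithub.com/cloudflare/circl v1.6.2 // indirect\n)\n"
	fmt.Println(CheckGoMod(sample)) // version, needs upgrade, found
}
```

A clean result only covers the version pin; the second recommended action, reviewing the code paths that call CombinedMult, still needs a search of the code base.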



Advisories
Source: Github GHSA
ID: GHSA-q9hv-hpm4-hj6x
Title: CIRCL has an incorrect calculation in secp384r1 CombinedMult
References
History

Tue, 03 Mar 2026 00:30:00 +0000

Values added:
  • CPEs: cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*
  • Metrics: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 25 Feb 2026 12:00:00 +0000

Values added:
  • First Time appeared: Cloudflare; Cloudflare circl
  • Vendors & Products: Cloudflare; Cloudflare circl

Tue, 24 Feb 2026 15:15:00 +0000

Values added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Feb 2026 08:15:00 +0000

Values added:
  • Description: The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3: https://github.com/cloudflare/circl/releases/tag/v1.6.3
  • Title: Incorrect calculation in CIRCL secp384r1 CombinedMult
  • Weaknesses: CWE-682
  • References
  • Metrics: cvssV4_0 {'score': 2.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: cloudflare

Published:

Updated: 2026-02-24T15:10:21.738Z

Reserved: 2026-01-20T13:09:57.206Z

Link: CVE-2026-1229

Vulnrichment

Updated: 2026-02-24T15:06:03.406Z

NVD

Status: Analyzed

Published: 2026-02-24T08:16:28.407

Modified: 2026-03-03T00:29:54.160

Link: CVE-2026-1229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:00:11Z

Weaknesses