Skip to content

Commit

Permalink
data/reports: add GO-2024-2469.yaml
Browse files Browse the repository at this point in the history
Aliases: GHSA-f6jh-hvg2-9525

Fixes #2469

Change-Id: I516d6a99ca0b29ed6226730653857e8b84ebb575
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/556375
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
  • Loading branch information
Maceo Thompson committed Jan 17, 2024
1 parent 5487ce1 commit 432d3ed
Show file tree
Hide file tree
Showing 2 changed files with 90 additions and 0 deletions.
69 changes: 69 additions & 0 deletions data/osv/GO-2024-2469.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
{
"schema_version": "1.3.1",
"id": "GO-2024-2469",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"GHSA-f6jh-hvg2-9525"
],
"summary": "Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go",
"details": "Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go",
"affected": [
{
"package": {
"name": "github.com/kudelskisecurity/crystals-go",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20240116172146-2a6ca2d4e64d"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/kudelskisecurity/crystals-go/crystals-kyber",
"symbols": [
"Kyber.Decaps",
"Kyber.Decrypt",
"Kyber.Encaps"
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/kudelskisecurity/crystals-go/security/advisories/GHSA-f6jh-hvg2-9525"
},
{
"type": "ARTICLE",
"url": "https://kyberslash.cr.yp.to/faq"
},
{
"type": "FIX",
"url": "https://github.com/kudelskisecurity/crystals-go/pull/20"
},
{
"type": "FIX",
"url": "https://github.com/kudelskisecurity/crystals-go/pull/21"
},
{
"type": "REPORT",
"url": "https://github.com/kudelskisecurity/crystals-go/issues/19"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2469"
}
}
21 changes: 21 additions & 0 deletions data/reports/GO-2024-2469.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
id: GO-2024-2469
modules:
- module: github.com/kudelskisecurity/crystals-go
versions:
- fixed: 0.0.0-20240116172146-2a6ca2d4e64d
vulnerable_at: 0.0.0-20240110153620-c06ce985b2b8
packages:
- package: github.com/kudelskisecurity/crystals-go/crystals-kyber
symbols:
- Kyber.Decrypt
- Kyber.Encaps
- Kyber.Decaps
summary: Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go
ghsas:
- GHSA-f6jh-hvg2-9525
references:
- advisory: https://github.com/kudelskisecurity/crystals-go/security/advisories/GHSA-f6jh-hvg2-9525
- article: https://kyberslash.cr.yp.to/faq
- fix: https://github.com/kudelskisecurity/crystals-go/pull/20
- fix: https://github.com/kudelskisecurity/crystals-go/pull/21
- report: https://github.com/kudelskisecurity/crystals-go/issues/19

0 comments on commit 432d3ed

Please sign in to comment.