🛡️ CVE-2023-1732
🟡 CVSS 5.3 — Medium ✅ No Known Exploit CWE-20 NVD
5.3
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

Details

Severity MEDIUM
CVSS Score 5.3
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
CWE CWE-20
Public Exploit ✅ No
Source NVD
Published 2023-05-10
Updated 2026-06-15
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
circl 1.3.3
github.com/cloudflare/circl

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.