data/reports: add GO-2023-1709.yaml

Aliases: CVE-2023-25000, GHSA-vq4h-9ghm-qmrr Fixes #1709 Change-Id: I55a09987916e1e2a93c8ca152bddea8b0faf6d15 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/484035 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Tim King <taking@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
golang · Apr 12, 2023 · e62d420 · e62d420
1 parent 59728fd
commit e62d420
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 0 deletions.
diff --git a/data/osv/GO-2023-1709.json b/data/osv/GO-2023-1709.json
@@ -0,0 +1,75 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1709",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-25000",
+    "GHSA-vq4h-9ghm-qmrr"
+  ],
+  "details": "HashiCorp Vault's implementation of Shamir's secret sharing uses precomputed table lookups, and is vulnerable to cache-timing attacks.\n\nAn attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares.",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/hashicorp/vault",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.11.9"
+            },
+            {
+              "introduced": "1.12.0"
+            },
+            {
+              "fixed": "1.12.5"
+            },
+            {
+              "introduced": "1.13.0"
+            },
+            {
+              "fixed": "1.13.1"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/hashicorp/vault/shamir",
+            "symbols": [
+              "Combine",
+              "Split",
+              "div",
+              "mult"
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "FIX",
+      "url": "https://github.com/hashicorp/vault/pull/19495"
+    },
+    {
+      "type": "WEB",
+      "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Giuseppe Cocomazzi"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1709"
+  }
+}
diff --git a/data/reports/GO-2023-1709.yaml b/data/reports/GO-2023-1709.yaml
@@ -0,0 +1,35 @@
+modules:
+  - module: github.com/hashicorp/vault
+    versions:
+      - fixed: 1.11.9
+      - introduced: 1.12.0
+        fixed: 1.12.5
+      - introduced: 1.13.0
+        fixed: 1.13.1
+    vulnerable_at: 1.13.0
+    packages:
+      - package: github.com/hashicorp/vault/shamir
+        symbols:
+          - div
+          - mult
+        derived_symbols:
+          - Combine
+          - Split
+summary: |
+    Shamir's secret sharing implementation vulnerable to cache-timing attacks
+    in HashiCorp Vault
+description: |
+    HashiCorp Vault's implementation of Shamir's secret sharing uses precomputed
+    table lookups, and is vulnerable to cache-timing attacks.
+
+    An attacker with access to, and the ability to observe a large number of
+    unseal operations on the host through a side channel may reduce the search
+    space of a brute force effort to recover the Shamir shares.
+cves:
+  - CVE-2023-25000
+ghsas:
+  - GHSA-vq4h-9ghm-qmrr
+credit: Giuseppe Cocomazzi
+references:
+  - fix: https://github.com/hashicorp/vault/pull/19495
+  - web: https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078