CVE-2026-1229

EPSS 0.02%
Veröffentlicht 24.02.2026 07:58:54
Zuletzt bearbeitet 03.03.2026 00:29:54
Quelle cna@cloudflare.com
CVE-Watchlists
Login
Unerledigt
Login

Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in  v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudflare ≫ Circl SwPlatformgo Version < 1.6.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@cloudflare.com	2.9	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:Amber

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://github.com/cloudflare/circl

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-1229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1229

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1229