Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14Mjc5LTY4cnItanA0cM4AAvME

Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function

Impact

Blst versions v0.3.0 to v0.3.2 can produce the incorrect outputs for some inputs to the blst_fp_eucl_inverse function. This could theoretically result in the creation of an invalid signature from correct inputs. However, fuzzing of higher level functions such as sign and verify were unable to produce incorrect results and there has been no reported occurrences of this issue being encountered in production use.

Description

During the course of differential fuzzing of the blst library by @guidovranken it was discovered that blst would produce the incorrect result for some input values in the inverse function. This was the result of the introduction of a new inversion formula in version v0.3.0. This source of these incorrect outputs was due to two issues:

  1. The amount of inner loop iterations was not sufficient for the algorithm to converge.
  2. It was erroneously assumed that the absolute value of the intermediate result would be capped at 767-bits. As a result, some output values were truncated by one bit or the most significant bit was misinterpreted as the sign.

Patches

This issue has been resolved in the v0.3.3 release and users are recommended to upgrade immediately.

References

The software used to uncover this issue can be found here.

Credits

A special thanks to Guido Vranken (@guidovranken) for his discovery and disclosure of this vulnerability.

For more information

If you have any questions or comments about this advisory please email us at [email protected]

Permalink: https://github.com/advisories/GHSA-x279-68rr-jp4p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mjc5LTY4cnItanA0cM4AAvME
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


Identifiers: GHSA-x279-68rr-jp4p
References: Repository: https://github.com/supranational/blst

Affected Packages

go:github.com/supranational/blst
Dependent packages: 715
Dependent repositories: 1,043
Downloads:
Affected Version Ranges: >= 0.3.0, < 0.3.3
Fixed in: 0.3.3
All affected versions: 0.3.0, 0.3.1, 0.3.2
All unaffected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.10, 0.3.11