Filippo.io Edwards25519 Library MultiScalarMult Function Improper Point Handling Vulnerability
Vulnerability
A vulnerability exists in the Filippo.io Edwards25519 Go library, specifically in the MultiScalarMult function of the Point structure, in versions prior to 1.1.1. The issue arises because the function fails to properly initialize the receiver point. When called on an initialized point that is not the identity point, MultiScalarMult produces incorrect results. If invoked on an uninitialized point, the behavior is undefined. Notably, if the receiver is the zero value, the function returns an invalid point that is considered equal to every other point. This vulnerability is part of a rarely used advanced API, and users who rely on Filippo.io Edwards25519 solely through the Go SQL Driver MySQL are not affected.
Impact
Exploitation of this vulnerability leads to incorrect results or undefined behavior in the MultiScalarMult function, which could disrupt cryptographic operations that rely on accurate point calculations.
Reproduction
To reproduce this vulnerability, call the MultiScalarMult method on a Point that is either uninitialized or initialized to a value other than the identity point. On an initialized non-identity receiver the function returns an incorrect result; on an uninitialized receiver its behavior is undefined.
Remediation
Users can upgrade to version 1.1.1 of the Filippo.io Edwards25519 library, where this vulnerability has been fixed.
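To find projects that still pin a release older than the fix, the check below scans go.mod text for requirements on the module and flags versions before 1.1.1. It is an added example, not code from the library or from this advisory; the names Finding, older and ScanGoMod are hypothetical, the sample go.mod is constructed, and replace and exclude directives are not interpreted.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)
// Module path and first fixed release, both taken from the advisory text.
const modPath, fixedVer = "filippo.io/edwards25519", "v1.1.1"
// Finding is one requirement on modPath found in a go.mod file.
type Finding struct {
	Version              string
	Indirect, Vulnerable bool
}

// older reports whether a sorts before b; a pre-release of b's number counts as older.
func older(a, b string) bool {
	ca, _, pre := strings.Cut(strings.TrimPrefix(a, "v"), "-")
	pa, pb := strings.Split(ca, "."), strings.Split(strings.TrimPrefix(b, "v"), ".")
	for i := 0; i < 3 && i < len(pa) && i < len(pb); i++ {
		x, _ := strconv.Atoi(pa[i])
		y, _ := strconv.Atoi(pb[i])
		if x != y {
			return x < y
		}
	}
	return pre
}

// ScanGoMod lists "require" entries for modPath (assumption: exclude/replace blocks untracked).
func ScanGoMod(text string) []Finding {
	var out []Finding
	for _, raw := range strings.Split(text, "\n") {
		line, comment, _ := strings.Cut(raw, "//")
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && f[0] == modPath {
			out = append(out, Finding{f[1], strings.Contains(comment, "indirect"), older(f[1], fixedVer)})
		}
	}
	return out
}

func main() {
	// Constructed go.mod fragment, not taken from any real project.
	sample := "module example.test/app\n\nrequire (\n\tfilippo.io/edwards25519 v1.1.0 // indirect\n)\n"
	for _, f := range ScanGoMod(sample) {
		fmt.Printf("%s %s indirect=%v vulnerable=%v\n", modPath, f.Version, f.Indirect, f.Vulnerable)
	}
}
```

An entry marked indirect means the module arrived through another dependency, so whether MultiScalarMult is actually reachable depends on that dependency's use of the API.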
