data/reports: add vulnerable_at to GO-2022-0435.yaml

Aliases: CVE-2022-28327 Updates golang/vulndb#435 Change-Id: Ibe158f3a76cee5dcbcb2e50ba841384c01ab5a7e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463678 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Tim King <taking@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-01-26 16:25:45 +00:00 · 2023-01-26 16:25:45 +00:00 · 766e59ff3a
--- a/data/osv/GO-2022-0435.json
+++ b/data/osv/GO-2022-0435.json
@ -39,8 +39,12 @@
          {
            "path": "crypto/elliptic",
            "symbols": [
-              "P256.ScalarBaseMult",
-              "P256.ScalarMult"
+              "CurveParams.ScalarBaseMult",
+              "CurveParams.ScalarMult",
+              "p256Curve.CombinedMult",
+              "p256Curve.ScalarBaseMult",
+              "p256Curve.ScalarMult",
+              "p256GetScalar"
            ]
          }
        ]
--- a/data/reports/GO-2022-0435.yaml
+++ b/data/reports/GO-2022-0435.yaml
@ -2,13 +2,19 @@ modules:
  - module: std
    versions:
      - fixed: 1.17.9
-      - introduced: "1.18"
+      - introduced: 1.18.0
        fixed: 1.18.1
+    vulnerable_at: 1.18.0
    packages:
      - package: crypto/elliptic
        symbols:
-          - P256.ScalarMult
-          - P256.ScalarBaseMult
+          - p256GetScalar
+        derived_symbols:
+          - CurveParams.ScalarBaseMult
+          - CurveParams.ScalarMult
+          - p256Curve.CombinedMult
+          - p256Curve.ScalarBaseMult
+          - p256Curve.ScalarMult
 description: |
    A crafted scalar input longer than 32 bytes can cause P256().ScalarMult
    or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and