Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.
https://pkg.go.dev/vuln/GO-2023-1595
https://github.com/FiloSottile/nistec/commit/c58aa1223ccf3943513e1e661cebce95af137244