[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.8] go: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service (CVE-2019-6486)

ID: oval:org.secpod.oval:def:1801299Date: (C)2019-02-19   (M)2023-11-10
Class: PATCHFamily: unix




Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery. Fixed In Version:¶ golang 1.10.8, golang 1.11.5

Platform:
Alpine Linux 3.8
Product:
go
Reference:
9938
CVE-2019-6486
CVE    1
CVE-2019-6486
CPE    3
cpe:/o:alpinelinux:alpine_linux:3.8
cpe:/a:golang:go
cpe:/a:golang:go:1.6

© SecPod Technologies