Описание
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.18 | fixed | 1.18.1-1 | package | |
| golang-1.17 | fixed | 1.17.9-1 | package |
Примечания
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
https://go.dev/issue/52075
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 3 лет назад
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVSS3: 7.5
redhat
около 3 лет назад
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVSS3: 7.5
nvd
около 3 лет назад
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVSS3: 7.5
github
около 3 лет назад
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.