Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-22866

Опубликовано: 06 фев. 2025
Источник: debian
EPSS Низкий

Описание

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.24fixed1.24~rc3-1package
golang-1.23fixed1.23.6-1package
golang-1.22fixed1.22.12-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15ignoredbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k

  • https://github.com/golang/go/issues/71383

  • https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)

  • https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)

  • https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)

EPSS

Процентиль: 4%
0.00017
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-22866

CVSS3: 4
ubuntu
11 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

redhat логотип

CVE-2025-22866

CVSS3: 5.3
redhat
11 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

nvd логотип

CVE-2025-22866

CVSS3: 4
nvd
11 месяцев назад

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

msrc логотип

CVE-2025-22866

CVSS3: 8.4
msrc
4 месяца назад

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

suse-cvrf логотип

SUSE-SU-2025:0393-1

suse-cvrf
10 месяцев назад

Security update for go1.23

EPSS

Процентиль: 4%
0.00017
Низкий