Описание
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | golang | Affected | ||
| Red Hat Ceph Storage 3 | golang | Affected | ||
| Red Hat Enterprise Linux 7 | golang | Not affected | ||
| Red Hat Enterprise Linux 8 | go-toolset:rhel8/golang | Will not fix | ||
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.3 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.4 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.5 | atomic-openshift | Out of support scope |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 e ...
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
7.5 High
CVSS3