Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-28327

Опубликовано: 12 апр. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.

Отчет

Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. Red Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for ContainerscpmaWill not fix
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-controller-rhel9Affected
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-must-gather-api-rhel8Affected
mirror registry for Red Hat OpenShiftmirror-registry-containerAffected
Node Maintenance Operatorworkload-availability/node-maintenance-rhel8-operatorAffected
OpenShift Developer Tools and ServiceshelmAffected
OpenShift Developer Tools and ServicesodoAffected
OpenShift Pipelinesopenshift-pipelines-clientWill not fix
OpenShift ServerlessCLIAffected
OpenShift Serverlessknative-eventingAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2077689golang: crypto/elliptic: panic caused by oversized scalar

EPSS

Процентиль: 31%
0.00111
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-28327

CVSS3: 7.5
ubuntu
около 3 лет назад

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

nvd логотип

CVE-2022-28327

CVSS3: 7.5
nvd
около 3 лет назад

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

msrc логотип

CVE-2022-28327

CVSS3: 7.5
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-28327

CVSS3: 7.5
debian
около 3 лет назад

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1 ...

github логотип

GHSA-v5qw-m6mv-3q79

CVSS3: 7.5
github
около 3 лет назад

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

EPSS

Процентиль: 31%
0.00111
Низкий

7.5 High

CVSS3

Уязвимость CVE-2022-28327