Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-23806

Опубликовано: 11 фев. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 9.1

Описание

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
impish

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
esm-apps/focal

not-affected

code-not-present
esm-infra-legacy/trusty

DNE

esm-infra/bionic

needs-triage

esm-infra/xenial

not-affected

code-not-present
focal

not-affected

code-not-present
impish

not-affected

code-not-present
trusty

DNE

trusty/esm

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

code not present
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
impish

ignored

end of life
jammy

not-affected

code not present
kinetic

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 4%
0.00022
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-23806

CVSS3: 7.1
redhat
больше 3 лет назад

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

nvd логотип

CVE-2022-23806

CVSS3: 9.1
nvd
больше 3 лет назад

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

msrc логотип

CVE-2022-23806

CVSS3: 9.1
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-23806

CVSS3: 9.1
debian
больше 3 лет назад

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...

github логотип

GHSA-8c83-vp4v-h7fq

CVSS3: 9.1
github
больше 3 лет назад

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

EPSS

Процентиль: 4%
0.00022
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Уязвимость CVE-2022-23806