CVE-2019-11840

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

Security Bulletin: Multiple Vulnerabilities in Go affects IBM Watson Studio Local

Summary Security Bulletin: Multiple Vulnerabilities in Go affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-11841 DESCRIPTION: A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to th...

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

Go Cryptography Libraries Cleartext Message Spoofing

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext message spoofing product: Supplementary Go Cryptography Libraries vulnerable version: commit a5d413f7728c81fb97d96a2b722368945f651e78 branch master...