Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - gogo/protobuf: plugin/unmarshal/unmarshal.go lack...

8.6CVSS5.8AI score0.11308EPSS
Exploits2References23
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.4 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS6.8AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2023/04/21 6:15 p.m.11 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS5.8AI score0.00864EPSS
Exploits0References4
Snyk
Snyk
added 2022/07/01 8:11 p.m.1 views

Buffer Overflow

Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Buffer Overflow. Go Vulnerability Report: via the ScalarMult process in the crypto/elliptic package on amd64 architectures. An attacker can recover secret scalar...

8.2CVSS6.8AI score0.02225EPSS
Exploits0References3
Snyk
Snyk
added 2022/05/24 3:21 p.m.1 views

Infinite loop

Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: via the crypto/elliptic process. An attacker can cause excessive CPU consumption or potentially recover private keys by...

8.8CVSS8.2AI score0.04326EPSS
Exploits0References3
Snyk
Snyk
added 2022/05/20 9:17 p.m.2 views

Uncaught Exception

Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: via the P256.ScalarMult or P256.ScalarBaseMult functions when provided with a crafted scalar input longer than 32 byte...

8.7CVSS9AI score0.03965EPSS
Exploits0References3
OSV
OSV
added 2022/02/11 1:15 a.m.6 views

AZL-8524 CVE-2022-23806 affecting package golang for versions less than 1.18.8-3

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS7.2AI score0.03015EPSS
Exploits0References1
Rows per page
Query Builder