3 matches found
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
UBUNTU-CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...
Elliptic package 安全漏洞
Elliptic package is a JavaScript-based elliptic curve cryptographic library. A security vulnerability exists in crypto/elliptic that stems from IsOnCurve in crypto elliptic before Go 1.16.14 and 1.17. X before 1.17.7 may incorrectly return true in the case of X with a large value. integer values...