17 matches found
EUVD-2022-28738
Malicious code in bioql PyPI...
The vulnerability of the Curve.IsOnCurve component in the Golang programming language, which allows a malicious actor to influence the accessibility and integrity of the resource.
The vulnerability of the Curve.IsOnCurve component in the Golang programming language is related to incorrect checking of the returned value by a method or function. Exploiting this vulnerability can allow an attacker to influence the accessibility and integrity of a resource...
RHEL 8 : faq (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) - Go before...
RHEL 8 : Release of OpenShift Serverless Client kn 1.22.1 (Moderate) (RHSA-2022:4860)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4860 advisory. The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is deliver...
SUSE-SU-2023:0600-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468). - CVE-2022-23806: Fixed...
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
Amazon Linux 2 : golang (ALAS-2022-1811)
The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
GO-2021-0319 Incorrect computation for some invalid field elements in crypto/elliptic
Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values...
Struts: Validator Without Form Field
Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Struts: Validator Without Form Field. Go Vulnerability Report: via the IsOnCurve function. An attacker can trigger a panic or cause invalid cryptographic operation...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-1819)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1819 advisory. delve 1.7.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.7.2-1 - Rebase to 1.7.2 - Related: rhbz2014088 golang 1.17.7-1 - Rebase...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2022-23772, CVE-2022-23773, CVE-2022-23806)
Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2022-23772 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker...
Updated golang packages fix security vulnerability
Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (CVE-2022-23772). Incorrect access control in cmd/go (CVE-2022-23773). Incorrect returned value in crypto/elliptic IsOnCurve (CVE-2022-23806). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve...
CVE-2022-23806
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...
CVE-2022-23806
CVE-2022-23806 affects Go's crypto/elliptic IsOnCurve, which can incorrectly return true when a big.Int value is not a valid field element. Impact: potential impact to availability and integrity as implied by the vulnerability description. Root cause is an out-of-spec check in IsOnCurve for inval...