Astra Linux – Vulnerability in Golang-1.15

In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...

RHCOS 4 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - gogo/protobuf: plugin/unmarshal/unmarshal.go lack...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2021-2086:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2086:01 advisory. golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 golang: cmd/go: packages using cgo can cause arbitrary code execution...

EUVD-2021-26466

Malware in sbrugna...

RHEL 8 : ior (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - Non-random values for...

RHEL 8 : ior (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: panic caused by oversized scalar CVE-2022-28327 Note that Nessus has not tested for this...

RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...

K15405135: GO vulnerability CVE-2021-3114

Security Advisory Description In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. CVE-2021-3114 Impact There is no impact; F5 products are not...

SUSE CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field...

Go 1.20 Cryptography

The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...

GO-2021-0235 Incorrect operations on the P-224 curve in crypto/elliptic

The P224 Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult...

RHEL 7 : OpenShift Container Storage 3.11.z (RHSA-2022:0308)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0308 advisory. The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services...

CentOS 8 : grafana (CESA-2021:4226)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4226 advisory. - grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call CVE-2021-27358 - golang: crypto/elliptic:...

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

CVE-2021-3114

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1947)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1926)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1947)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb...

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...