Incorrect ECC Calculation

🗓️ 09 Mar 2023 11:15:16Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 42 Views

Go crypto/elliptic vulnerable to incorrect ECC calculatio

Reporter	Title	Published	Views	Family All 146
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator are vulnerable to [CVE-2023-24532]	28 Jun 202315:04	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties affects IBM Watson Machine Learning Accelerator 3.5.0 for Cloud Pak for Data 4.6.5	8 Feb 202419:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities	20 Feb 202419:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data	18 Sep 202416:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System	2 Jan 202411:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Go affects watsonx.data	5 Sep 202418:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data	3 Sep 202420:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go	5 Jul 202321:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST	1 May 202314:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )	8 Aug 202415:20	–	ibm

Vulners

Node

golang goMatch1.16.5-r0go

AND

golang goMatch1.16.3-r0go

AND

golang goMatch1.16.7-r0go

AND

golang goMatch1.18-r0go

AND

golang goMatch1.18.1-r1go

AND

golang goMatch1.19.4-r0go

AND

golang goMatch1.17.4-r0go

AND

golang goMatch1.18.3-r0go

AND

golang goMatch1.19.5-r0go

AND

golang goMatch1.19-r0go

AND

golang goMatch1.19.1-r1go

AND

golang goMatch1.17.1-r0go

AND

golang goMatch1.20.1-r0go

AND

golang goMatch1.18.5-r0go

AND

golang goMatch1.20-r0go

AND

golang goMatch1.13.10-r0go

AND

golang goMatch1.17.8-r0go

AND

golang goMatch1.16-r0go

AND

golang goMatch1.18.3-r1go

AND

golang goMatch1.17.3-r0go

AND

golang goMatch1.17.7-r0go

AND

golang goMatch1.17.6-r0go

AND

golang goMatch1.17.2-r0go

AND

golang goMatch1.16.4-r0go

AND

golang goMatch1.18.2-r0go

AND

golang goMatch1.14.3-r0go

AND

golang goMatch1.16.2-r0go

AND

golang goMatch1.19.1-r0go

AND

golang goMatch1.19.2-r0go

AND

golang goMatch1.18-r1go

AND

golang goMatch1.13.8-r0go

AND

golang goMatch1.19.3-r0go

AND

golang goMatch1.18.4-r2go

AND

alpinelinux alpine_linuxMatchedge

golang goMatch1.19.2-r0go

AND

golang goMatch1.19.3-r0go

AND

golang goMatch1.19.4-r0go

AND

golang goMatch1.19.5-r0go

AND

golang goMatch1.19.6-r0go

AND

alpinelinux alpine_linuxMatch3.17

golang github.com/golang/goRangego1.20rc1–go1.20.1go

golang github.com/golang/goRangego1.19beta1–go1.19.6go

golang golangMatch1.20.6_2.module_el8+658+f14b2092

golang golangMatch1.17.5_1.module_el8.6.0+1052+72a6db00

golang golangMatch1.13.4_2.module_el8.1.0+291+fd8d707f

golang golangMatch1.14.12_1.module_el8.3.0+605+410c5674

golang golangMatch1.16.5_1.module_el8.5.0+858+9fdb7385

golang golangMatch1.13.15_1.module_el8.2.0+490+5bc58d45

golang golangMatch1.19.2_4.module_el8.8.0+1222+2d730492

golang golangMatch1.16.7_1.module_el8.5.0+891+69fdb1de

golang golangMatch1.14.7_2.module_el8.3.0+471+76db7791

golang golangMatch1.20.3_1.module_el8+429+9e1e5a4f

golang golangMatch1.15.7_1.module_el8.4.0+662+fcb27825

golang golangMatch1.12.8_2.module_el8.1.0+232+26780282

golang golangMatch1.15.13_3.module_el8.4.0+844+08d04f30

golang golangMatch1.18.0_2.module_el8.7.0+1138+bbe1ff28

golang golangMatch1.15.2_1.module_el8.4.0+546+c69f460d

golang golangMatch1.13.4_2.module_el8.2.0+306+4f5ea1ce

golang golangMatch1.15.5_1.module_el8.4.0+586+97b59638

golang golangMatch1.17.2_2.module_el8.6.0+963+7827afaa

golang golangMatch1.18.2_1.module_el8.7.0+1173+5d37c0fd

golang golangMatch1.19.4_2.module_el8.8.0+1238+ed248327

golang golangMatch1.16.1_1.module_el8.5.0+730+05f9090d

golang golangMatch1.11.6_1.module_el8.0.0+192+8b12aa21

golang golangMatch1.16.6_1.module_el8.5.0+867+7ee7da3b

golang golangMatch1.20.6_1.module_el8+574+cfd34e57

golang golangMatch1.16.1_3.module_el8.5.0+762+a2d12c29

golang golangMatch1.16.4_1.module_el8.5.0+807+c705d8b6

golang golangMatch1.18.4_2.module_el8.7.0+1195+244d178d

golang golangMatch1.12.12_4.module_el8.1.0+271+e71148fc

golang golangMatch1.16.4_3.module_el8.5.0+839+8f5567f8

golang golangMatch1.15.14_2.module_el8.4.0+934+66c655ab

golang golangMatch1.16.6_2.module_el8.5.0+868+4f873682

golang golangMatch1.15.14_1.module_el8.4.0+882+ab13bcd9

golang golangMatch1.11.5_2.module_el8.0.0+105+d020cd05

golang golangMatch1.16.12_1.module_el8.5.0+1051+7eeb051e

golang golangMatch1.18.4_1.module_el8.7.0+1188+8c5b9e1c

golang golangMatch1.17.7_1.module_el8.6.0+1099+24a5d718

golang golangMatch1.15.0_1.module_el8.4.0+515+10a82a47

golang golangMatch1.20.4_1.module_el8+433+1910a33d

Source	Link
github	www.github.com/golang/go/commit/203e59ad41bd288e1d92b6f617c2f55e70d3c8e3
github	www.github.com/golang/go/issues/58647
pkg	www.pkg.go.dev/vuln/GO-2023-1621
groups	www.groups.google.com/g/golang-announce/c/3-TpUx48iQY
go	www.go.dev/issue/58647
go	www.go.dev/cl/471255
security	www.security.netapp.com/advisory/ntap-20230331-0011/

07 Nov 2023 21:24Current

8.9High risk

Vulners AI Score8.9

CVSS 3.15.3

EPSS0.00026

SSVC

go crypto elliptic vulnerable incorrect ecc calculation p256 curve cryptography