CVE-2015-8618

Published: Jan 27, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

Affected (4)

Products: Opensuse: Leap · Golang: Go

Opensuse

1 product

Leap

Golang

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Golang Go	Version 1.5.1
Golang Go	Version 1.5.2
Golang Go	Version 1.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176179.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/12/21/6

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/12/22/9

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/01/13/7

Source: cve@mitre.org

https://github.com/golang/go/issues/13515

Source: cve@mitre.org

Patch

https://go-review.googlesource.com/#/c/17672/

Source: cve@mitre.org

https://groups.google.com/forum/#%21topic/golang-announce/MEATuOi_ei4

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html