← Back

CVE-2022-23806

nvd nist
Published: Feb 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Affected (7)

Golang
1 product
Go
Netapp
4 products
Beegfs Csi Driver
Cloud Insights Telegraf Agent
Kubernetes Monitoring Operator
Storagegrid
Debian
1 product
Debian Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Golang
Go
Before 1.16.14
Go
From 1.17.0 to 1.17.7
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Beegfs Csi Driver
All versions
Cloud Insights Telegraf Agent
All versions
Kubernetes Monitoring Operator
All versions
Storagegrid
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-252
Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References (14)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.