The Int.Exp Montgomery code in the math/big library in Go 1.5.x prior to 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for malicious users to obtain private RSA keys via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse leap 42.1 |
||
golang go 1.5.1 |
||
golang go 1.5.2 |
||
golang go 1.5 |