Go prior to 1.10.8 and 1.11.x prior to 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows malicious users to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
opensuse leap 15.0 |