CVE-2022-23806

Published: 11/02/2022 Updated: 20/04/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Vulnerable Product

golang go

netapp storagegrid -

netapp cloud insights telegraf agent -

netapp kubernetes monitoring operator -

netapp beegfs csi driver -

debian debian linux 9.0

Vendor Advisories

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption (CVE-2022-23772). cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be ...
Synopsis: Moderate: OpenShift Container Platform 41028 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41028 is now available with updates to pack ...
Synopsis: Moderate: OpenShift Container Platform 4110 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4110 is now available with updates to packag ...
Synopsis: Important: Red Hat Advanced Cluster Management 25 security updates, images, and bug fixes. Type/Severity: Security Advisory: Important. Topic: Red Hat Advanced Cluster Management for Kubernetes 250 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Moderate: Release of OpenShift Serverless Client kn 1221. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless Client kn 1221. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat OpenShift Service Mesh 213 Containers security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 213. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis: Critical: Red Hat OpenShift Service Mesh 213 security update. Type/Severity: Security Advisory: Critical. Topic: Red Hat OpenShift Service Mesh 213 has been released. Red Hat Product Security has rated this update ...
Synopsis: Moderate: OpenShift Container Platform 41026 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41026 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Plat ...
Synopsis: Moderate: Release of OpenShift Serverless Version 1221. Type/Severity: Security Advisory: Moderate. Topic: OpenShift Serverless version 1221 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring Syst ...
Synopsis: Important: OpenShift Virtualization 4110 Images security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Moderate: Gatekeeper Operator v02 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Gatekeeper Operator v02. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2311 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2311 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Important: OpenShift Container Platform 4110 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Moderate: OpenShift Container Platform 4110 extras and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis: Important: Red Hat OpenShift Data Foundation 4110 security, enhancement, & bugfix update. Type/Severity: Security Advisory: Important. Topic: Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4110 on Red Hat Enterprise Linux 8. Red Hat Product Securit ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 245 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 245 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: OpenShift Virtualization 4120 Images security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element ...
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array), causing a panic when calling ImportedSymbols. An attacker can use this vulnerability ...
A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic, resulting in a denial of service. The highest threat from this vulnera ...
A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity (CVE-2021-38297). A vulnerability was found in archive/zip of the G ...

Github Repositories

Cryptofuzz - Differential cryptography fuzzing. Documentation: For building Cryptofuzz, please refer to docs/buildingmd. For instructions on how to run Cryptofuzz, please see docs/runningmd. Bugs found by Cryptofuzz: OpenSSL: ARIA GCM ciphers memory leak after EVP_CTRL_AEAD_SET_IVLEN; OpenSSL: HMAC with SHAKE128 via EVP interface crashes on EVP_DigestSignUpdate; OpenSSL: BLAKE2b

Fuzzing cryptographic libraries. Magic bug printer go brrrr.

ipmi-server docker container with Symfony router

IPMI Docker Container for Home Assistant. Details of the container: IPMI Server. This container is a lightweight fully-fledged webserver that allows us to execute ipmitool commands and returns a JSON object with some results, courtesy of @ateodorescu and their Home Assistant Add-on, ipmi-server, and uses their Symfony app and nginx configuration. The image itself is based on