CVE-2021-3114

EPSS 0.04%
Published 26.01.2021 18:16:27
Last modified 21.11.2024 06:20:54
Source cve@mitre.org
Teams watchlist Login
Open Login

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.14.14

Golang ≫ Go Version >= 1.15 < 1.15.7

Fedoraproject ≫ Fedora Version33

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ Cloud Insights Telegraf Agent Version-

Netapp ≫ Storagegrid Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.092

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2021/dsa-4848

Third Party Advisory

https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871

Patch

Third Party Advisory

https://groups.google.com/g/golang-announce/c/mperVMGa98w