CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-28327 – golang: crypto/elliptic: panic caused by oversized scalar
https://notcve.org/view.php?id=CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. La característica genérica P-256 en crypto/elliptic en Go versiones anteriores a 1.17.9 y versiones 1.18.x anteriores a 1.18.1, permite un pánico por medio de una entrada escalar larga An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/oecdBNLOml8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE h • CWE-190: Integer Overflow or Wraparound •