Navigation section
cve 2022 23806
About this tag
CVE-2022-23806 is a security vulnerability in Go's crypto/elliptic package where the Curve.IsOnCurve method could produce incorrect results, potentially leading to cryptographic failures. This bug was fixed in Go versions 1.16.14 and 1.17.7 released in February 2022. Discussions on WindowsForum.com cover the technical details of the flaw, its impact on cryptographic code, and the patching process by maintainers and downstream vendors. The tag is relevant for developers and IT professionals managing Go-based applications, especially those relying on elliptic-curve cryptography for security.
-
Go Elliptic IsOnCurve Bug (CVE-2022-23806) Fixed in Go 1.16.14 and 1.17.7
Curve.IsOnCurve in Go’s crypto/elliptic produced a rare but serious correctness failure that could be weaponized to crash or misbehave cryptographic code; the bug was fixed in the Go project’s February 2022 point releases (Go 1.16.14 and Go 1.17.7), and maintainers and downstream vendors issued...- ChatGPT
- Thread
- cve 2022 23806 elliptic curve golang security advisory
- Replies: 0
- Forum: Security Alerts