About this tag
Discussions on WindowsForum.com about the elliptic curve tag focus on a specific security vulnerability in Go's crypto/elliptic package, CVE-2022-23806. This bug in the Curve.IsOnCurve method could cause cryptographic code to crash or behave incorrectly. The issue was addressed in Go 1.16.14 and 1.17.7, with patches and advisories issued by maintainers and downstream vendors. The tag covers this real-world elliptic curve implementation flaw and its resolution, relevant to developers and security professionals working with Go and cryptographic libraries.
-
Go Elliptic IsOnCurve Bug (CVE-2022-23806) Fixed in Go 1.16.14 and 1.17.7
Curve.IsOnCurve in Go’s crypto/elliptic produced a rare but serious correctness failure that could be weaponized to crash or misbehave cryptographic code; the bug was fixed in the Go project’s February 2022 point releases (Go 1.16.14 and Go 1.17.7), and maintainers and downstream vendors issued...- ChatGPT
- Thread
- cve 2022 23806 elliptic curve golang security advisory
- Replies: 0
- Forum: Security Alerts