PT-2021-2163 · Google+7 · Go+7

Philippe Antoine

·

Published

2021-01-20

·

Updated

2024-06-15

·

CVE-2021-3114

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Go versions prior to 1.14.14 Go versions 1.15.x prior to 1.15.7
Description The issue is related to incorrect calculations in the crypto/elliptic/p224.go file of the Go programming language. This can allow a remote attacker to disclose protected information and impact the integrity of protected information. The problem is associated with an underflow of the lowest limb during the final complete reduction in the P-224 field, which can result in the generation of incorrect outputs, including returning invalid points from ScalarMult.
Recommendations For Go versions prior to 1.14.14, update to version 1.14.14 or later. For Go versions 1.15.x prior to 1.15.7, update to version 1.15.7 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

ALSA-2021:4226
ALT-PU-2021-1090
ALT-PU-2021-1111
ALT-PU-2021-1138
ALT-PU-2021-1456
ALT-PU-2021-1941
AZL-79110
BDU:2021-01056
BIT-GOLANG-2021-3114
CESA-2021_1746
CESA-2021_4226
CVE-2021-3114
DLA-2591-1
DLA-2592-1
DSA-4848-1
GO-2021-0235
OPENSUSE-SU-2021:0190-1
OPENSUSE-SU-2021:0192-1
OPENSUSE-SU-2021:0194-1
OPENSUSE-SU-2021_0190-1
OPENSUSE-SU-2021_0192-1
OPENSUSE-SU-2021_0194-1
OPENSUSE-SU-2024:10807-1
OPENSUSE-SU-2024:10808-1
RHSA-2021:0958
RHSA-2021:1006
RHSA-2021:1339
RHSA-2021:1366
RHSA-2021:1551
RHSA-2021:1746
RHSA-2021:2095
RHSA-2021:2437
RHSA-2021:4103
RHSA-2021:4226
RHSA-2021_1746
RHSA-2021_4226
RHSA-2022:0308
RLSA-2021:1746
RLSA-2021:4226
SUSE-SU-2021:0222-1
SUSE-SU-2021:0223-1
SUSE-SU-2021_0222-1
SUSE-SU-2021_0223-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Go
Red Hat
Rocky Linux
Suse