ALT-PU-2016-1067-1
Closed vulnerabilities
Published: 2016-01-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8618
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- FEDORA-2016-5a073cbd93
- FEDORA-2016-5a073cbd93
- FEDORA-2016-2dcc094217
- FEDORA-2016-2dcc094217
- openSUSE-SU-2016:1331
- openSUSE-SU-2016:1331
- [oss-security] 20151221 CVE request for math/big.Exp
- [oss-security] 20151221 CVE request for math/big.Exp
- [oss-security] 20151222 Re: CVE request for math/big.Exp
- [oss-security] 20151222 Re: CVE request for math/big.Exp
- [oss-security] 20160113 [security] Go security release v1.5.3
- [oss-security] 20160113 [security] Go security release v1.5.3
- https://github.com/golang/go/issues/13515
- https://github.com/golang/go/issues/13515
- https://go-review.googlesource.com/#/c/17672/
- https://go-review.googlesource.com/#/c/17672/
- [golang-announce] 20160113 [security] Go 1.5.3 is released
- [golang-announce] 20160113 [security] Go 1.5.3 is released