Home

CVE-2021-3114

Description

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.035

Associated Vulnerability

VulnerabilityOS Platform
golang-1.11 security update(DSA-4848-1) golang-1.11_1.11.6-1+deb10u4_all.debLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update delve-debugsource-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update go-toolset-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-bin-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-docs-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-misc-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-race-1.15.7-1.module+el8.4.0+9580+3b0e6c24.x86_64.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-src-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpmLinux
(RHSA-2021:1746) go-toolset:rhel8 security, bug fix, and enhancement update golang-tests-1.15.7-1.module+el8.4.0+9580+3b0e6c24.noarch.rpmLinux
(RHSA-2022:0308) OpenShift Container Storage 3.11.z security and bug fix update heketi-client-10.4.0-2.el7rhgs.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234