High severity7.5NVD Advisory· Published Jan 27, 2016· Updated May 6, 2026

CVE-2015-8618

Description

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

Affected products

Golang/Go3 versions
cpe:2.3:a:golang:go:1.5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:golang:go:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.5.2:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/golang/go/issues/13515nvdPatch
lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2016-January/176179.htmlnvd
lists.opensuse.org/opensuse-updates/2016-05/msg00077.htmlnvd
www.openwall.com/lists/oss-security/2015/12/21/6nvd
www.openwall.com/lists/oss-security/2015/12/22/9nvd
www.openwall.com/lists/oss-security/2016/01/13/7nvd
go-review.googlesource.comnvd
groups.google.com/forum/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000