Unrated severityOSV Advisory· Published Jan 24, 2019· Updated Aug 4, 2024
CVE-2019-6486
CVE-2019-6486
Description
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Affected products
32- osv-coords31 versionspkg:rpm/opensuse/containerd&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/containerd&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/docker-runc&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/docker-runc&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.11&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/go1.11&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.12&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/go1.12&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go1.12&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/go&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/go&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/golang-github-docker-libnetwork&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/golang-github-docker-libnetwork&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015pkg:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/go&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015pkg:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1
< 1.2.5-lp150.4.14.3+ 30 more
- (no CPE)range: < 1.2.5-lp150.4.14.3
- (no CPE)range: < 1.2.5-lp151.2.3.1
- (no CPE)range: < 18.09.6_ce-lp150.5.17.2
- (no CPE)range: < 18.09.6_ce-lp151.2.3.1
- (no CPE)range: < 1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2
- (no CPE)range: < 1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1
- (no CPE)range: < 1.10.8-8.2
- (no CPE)range: < 1.11.5-lp150.6.4
- (no CPE)range: < 1.11.9-lp151.2.3.1
- (no CPE)range: < 1.11.13-10.5
- (no CPE)range: < 1.12.4-lp150.2.2
- (no CPE)range: < 1.12.4-lp151.2.3.1
- (no CPE)range: < 1.12.17-4.8
- (no CPE)range: < 1.12-lp150.2.11.1
- (no CPE)range: < 1.12-lp151.2.3.1
- (no CPE)range: < 1.17-1.1
- (no CPE)range: < 0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1
- (no CPE)range: < 0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1
- (no CPE)range: < 1.2.5-16.17.2
- (no CPE)range: < 1.2.5-5.13.1
- (no CPE)range: < 1.2.5-5.13.1
- (no CPE)range: < 18.09.6_ce-98.37.1
- (no CPE)range: < 18.09.6_ce-6.17.1
- (no CPE)range: < 18.09.6_ce-6.17.1
- (no CPE)range: < 1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1
- (no CPE)range: < 1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1
- (no CPE)range: < 1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1
- (no CPE)range: < 1.12-bp150.2.6.1
- (no CPE)range: < 0.7.0.1+gitr2726_872f0a83c98a-19.1
- (no CPE)range: < 0.7.0.1+gitr2726_872f0a83c98a-4.12.1
- (no CPE)range: < 0.7.0.1+gitr2726_872f0a83c98a-4.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- lists.opensuse.org/opensuse-security-announce/2019-04/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.htmlmitrevendor-advisoryx_refsource_SUSE
- www.debian.org/security/2019/dsa-4379mitrevendor-advisoryx_refsource_DEBIAN
- www.debian.org/security/2019/dsa-4380mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/106740mitrevdb-entryx_refsource_BID
- github.com/golang/go/commit/42b42f71cf8f5956c09e66230293dfb5db652360mitrex_refsource_CONFIRM
- github.com/golang/go/issues/29903mitrex_refsource_CONFIRM
- groups.google.com/forum/mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/02/msg00009.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.