Unrated severityNVD Advisory· Published Feb 11, 2022· Updated Aug 3, 2024
CVE-2022-23806
CVE-2022-23806
Description
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
49- Go/Godescription
- osv-coords48 versionspkg:bitnami/golangpkg:rpm/almalinux/delvepkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/google-guest-agent&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/google-osconfig-agent&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/go1.16&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/google-guest-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
< 1.16.14+ 47 more
- (no CPE)range: < 1.16.14
- (no CPE)range: < 1.7.2-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.1
- (no CPE)range: < 20230221.00-150000.1.34.1
- (no CPE)range: < 20230222.00-150000.1.27.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 20230221.00-1.29.1
- (no CPE)range: < 20230221.00-150000.1.34.1
- (no CPE)range: < 20230221.00-150000.1.34.1
- (no CPE)range: < 20230221.00-150000.1.34.1
- (no CPE)range: < 20230221.00-150000.1.34.1
- (no CPE)range: < 20230222.00-1.20.1
- (no CPE)range: < 20230222.00-150000.1.27.1
- (no CPE)range: < 20230222.00-150000.1.27.1
- (no CPE)range: < 20230222.00-150000.1.27.1
- (no CPE)range: < 20230222.00-150000.1.27.1
Patches
Vulnerability mechanics
References
7- security.gentoo.org/glsa/202208-02mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/04/msg00017.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2022/04/msg00018.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/04/msg00021.htmlmitremailing-list
- groups.google.com/g/golang-announce/c/SUsQn0aSgPQmitre
- security.netapp.com/advisory/ntap-20220225-0006/mitre
- www.oracle.com/security-alerts/cpujul2022.htmlmitre
News mentions
0No linked articles in our index yet.