Vulnerability Report: GO-2021-0235

standard library

The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult.

Affected Packages

  • Path
    Go Versions
    Symbols
  • before go1.14.14, from go1.15.0-0 before go1.15.7
    1 unexported affected symbols
    • p224Contract

Aliases

References

Credits

  • The elliptic-curve-differential-fuzzer project running on OSS-Fuzz, Philippe Antoine (Catena cyber)

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL