Vulnerability Report: GO-2021-0235
standard library- CVE-2021-3114
- Affects: crypto/elliptic
- Published: Feb 17, 2022
- Modified: May 20, 2024
The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.14.14, from go1.15.0-0 before go1.15.7
1 unexported affected symbols
- p224Contract
Aliases
References
- https://go.dev/cl/284779
- https://go.googlesource.com/go/+/d95ca9138026cbe40e0857d76a81a16d03230871
- https://go.dev/issue/43786
- https://groups.google.com/g/golang-announce/c/mperVMGa98w
- https://vuln.go.dev/ID/GO-2021-0235.json
Credits
- The elliptic-curve-differential-fuzzer project running on OSS-Fuzz, Philippe Antoine (Catena cyber)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.