Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Go 信息泄露漏洞
Vulnerability Description
Google Go是美国谷歌(Google)公司的一款静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。 Google Go 1.7.6之前的版本和1.8.2之前的1.8.x版本中的curve P-256实现过程存在信息泄露漏洞。攻击者可利用该漏洞实施秘钥恢复攻击。
CVSS Information
N/A
Vulnerability Type
N/A