Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Elliptic package 安全漏洞
Vulnerability Description
Elliptic package是一款基于JavaScript的椭圆曲线密码库。 crypto/elliptic存在安全漏洞,该漏洞源于在Go 1.16.14和1.17之前的IsOnCurve in crypto elliptic。在带有大值的情况下,1.17.7之前的X可能不正确地返回true。非有效字段元素的整型值。
CVSS Information
N/A
Vulnerability Type
N/A