Lucene search

[email protected]CVE-2022-28327

HistoryApr 20, 2022 - 10:15 a.m.

CVE-2022-28327

2022-04-2010:15:08

[email protected]

web.nvd.nist.gov

228

cve

2022

28327

p-256

panic

scalar input

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

Affected configurations

NVD

Node

golanggoRange<1.17.9

golanggoRange1.18.0–1.18.1

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch7.0

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

CPENameOperatorVersion
golang:gogolang golt1.17.9
golang:gogolang golt1.18.1

CPE	Name	Operator	Version
golang:go	golang go	lt	1.17.9
golang:go	golang go	lt	1.18.1

References

cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf

groups.google.com/g/golang-announce

groups.google.com/g/golang-announce/c/oecdBNLOml8

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/

security.gentoo.org/glsa/202208-02

security.netapp.com/advisory/ntap-20220915-0010/

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2022-28327

redhatcve1 ibm8 cnvd1 osv4 fedora66 ubuntucve1 nessus20 cbl_mariner2 openvas71 cvelist1 alpinelinux1 nvd1 veracode1 f51 debiancve1 prion1 mageia1 suse2 redhat6 freebsd1 altlinux2 photon3 oraclelinux2 rocky1