EPSS
Percentile
88.1%
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
bugzilla.redhat.com/show_bug.cgi?id=1668972
groups.google.com/forum/m/#!topic/golang-announce/mVeX35iXuSw
nvd.nist.gov/vuln/detail/CVE-2019-6486
www.cve.org/CVERecord?id=CVE-2019-6486