github.com/golang/go is vulnerable to remote code execution. The vulnerability exists in IsOnCurve function of elliptic.go because of invalid representations of a field element which allows an attacker to inject and execute codes.

References

github.com/advisories/GHSA-8c83-vp4v-h7fq

github.com/golang/go/commit/6b3e741a834c34b8a844a33b3aa060dd4ed37231

github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6

github.com/golang/go/issues/50974

github.com/golang/go/issues/50978

groups.google.com/g/golang-announce/c/SUsQn0aSgPQ

lists.debian.org/debian-lts-announce/2022/04/msg00017.html

lists.debian.org/debian-lts-announce/2022/04/msg00018.html

security.gentoo.org/glsa/202208-02

security.netapp.com/advisory/ntap-20220225-0006/

www.oracle.com/security-alerts/cpujul2022.html

redhatcve 1

ibm 25

osv 10

nvd 1

alpinelinux 1

cbl_mariner 3

debiancve 1

prion 1

cve 1

ubuntucve 1

cvelist 1

nessus 45

openvas 14

suse 2

altlinux 1

debian 3

redhat 19

amazon 5

freebsd 1

mageia 1

photon 7

oraclelinux 2

almalinux 1

rocky 1

gentoo 1

oracle 1

redhatcve

CVE-2022-23806

2022-02-11 10:46:58

ibm

Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806

2022-04-08 14:54:10

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23806

2022-05-09 17:36:36

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-23806

2022-11-04 16:48:03

osv

BIT-golang-2022-23806

2024-03-06 11:02:30

CVE-2022-23806

2022-02-11 01:15:07

Incorrect computation for some invalid field elements in crypto/elliptic

2022-05-23 22:15:21

nvd

CVE-2022-23806

2022-02-11 01:15:07

alpinelinux

CVE-2022-23806

2022-02-11 01:15:07

cbl_mariner

CVE-2022-23806 affecting package golang for versions less than 1.18.8-3

2022-04-26 19:57:46

CVE-2022-23806 affecting package golang 1.17.13-2

2022-02-25 01:45:48

CVE-2022-23806 affecting package python-tensorboard for versions less than 2.16.2-2

2024-07-24 01:44:36

debiancve

CVE-2022-23806

2022-02-11 01:15:07

prion

Design/Logic Flaw

2022-02-11 01:15:00

cve

CVE-2022-23806

2022-02-11 01:15:07

ubuntucve

CVE-2022-23806

2022-02-11 00:00:00

cvelist

CVE-2022-23806

2022-02-11 00:00:00

nessus

CBL Mariner 2.0 Security Update: python-tensorboard / golang (CVE-2022-23806)

2024-08-30 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2023:0602-1)

2023-03-03 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : google-guest-agent (SUSE-SU-2023:0600-1)

2023-03-03 00:00:00

openvas

Debian: Security Advisory (DLA-2986-1)

2022-04-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0724-1)

2022-03-05 00:00:00

Debian: Security Advisory (DLA-2985-1)

2022-04-29 00:00:00

suse

Security update for go1.16 (important)

2022-03-04 00:00:00

Security update for go1.17 (important)

2022-03-04 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.7-alt1

2022-02-11 00:00:00

debian

[SECURITY] [DLA 2986-1] golang-1.8 security update

2022-04-28 09:57:43

[SECURITY] [DLA 2985-1] golang-1.7 security update

2022-04-28 09:57:28

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

redhat

(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1

2022-06-01 09:10:05

(RHSA-2022:5875) Moderate: OpenShift Container Platform 4.10.26 security update

2022-08-09 02:26:20

(RHSA-2022:6094) Moderate: OpenShift Container Platform 4.10.28 packages and security update

2022-08-23 18:05:37

amazon

Medium: golang

2023-02-15 00:23:00

Important: golang

2022-04-25 03:47:00

Important: golang

2022-07-06 03:11:00

freebsd

go -- multiple vulnerabilities

2022-02-10 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-03-08 02:10:22

photon

Critical Photon OS Security Update - PHSA-2022-0159

2022-03-02 00:00:00

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0159

2022-03-07 00:00:00

oraclelinux

go-toolset:ol8addon security update

2022-06-08 00:00:00

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.006

Percentile

77.8%

JSON

Related for VERACODE:34198