Lucene search
Veracode Vulnerability DatabaseVERACODE:3979HistoryApr 27, 2017 - 6:26 a.m.
Invalid Curve Attack
2017-04-2706:26:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
54.6%
github.com/square/go-jose is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), allowing attackers to recover the private secret key.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/square/go-jose | eq | HEAD | |
| github.com/square/go-jose | le | 2.0.1 |
Related
github
github
Elliptic Curve Key Disclosure in go-jose
2021-06-23 17:17:52
ubuntucve
ubuntucve
CVE-2016-9121
2017-03-28 00:00:00
osv
osv
Elliptic curve key disclosure in github.com/square/go-jose
2021-04-14 20:04:52
Elliptic Curve Key Disclosure in go-jose
2021-06-23 17:17:52
CVE-2016-9121
2017-03-28 02:59:00
cve
cve
CVE-2016-9121
2017-03-28 02:59:00
prion
prion
Code injection
2017-03-28 02:59:00
debiancve
debiancve
CVE-2016-9121
2017-03-28 02:59:00
cvelist
cvelist
CVE-2016-9121
2017-03-28 02:46:00
gitlab
gitlab
Inadequate Encryption Strength
2021-06-23 00:00:00
nvd
nvd
CVE-2016-9121
2017-03-28 02:59:00