CVE-2015-8618
Published 2016-01-27
Priority P338 · high · 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 2.63% (83.6th percentile)
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| golang | go | — | — |
| golang | go | — | — |
| golang | go | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvd · v3.0 · 7.5 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 7.5 HIGH
GHSA
ghsa_unreviewed·2022-05-14
CVE-2015-8618 [HIGH] CWE-200 GHSA-f7x9-6qwf-8m25: The Int
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
OSV
Incorrect calculation affecting RSA computations in math/big
osv·2022-01-05
Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way.
Specifically, incorrect results in one part of the RSA Chinese Remainder computation can cause the result to be incorrect in such a way that it leaks one of the primes. While RSA blinding should prevent an attacker from crafting specific inputs that trigger the bug, on 32-bit systems the
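A standard countermeasure against the failure described above is to re-verify a CRT result before releasing it. The sketch below is an added example, not code from Go's crypto/rsa or from the upstream patch; `ExpFunc`, `BadExp`, `SignCRT` and the toy Mersenne-prime key are hypothetical names and constructed values, and `BadExp` merely stands in for a miscomputing `Int.Exp`.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// ExpFunc is a hypothetical hook so a miscomputing Exp can be simulated.
type ExpFunc func(base, exp, mod *big.Int) *big.Int
var ErrFault = errors.New("CRT result failed verification; signature withheld")
type Key struct{ P, Q, N, E, Dp, Dq, Qinv *big.Int }

func GoodExp(b, e, m *big.Int) *big.Int { return new(big.Int).Exp(b, e, m) }

// BadExp returns a wrong residue, standing in for the carry bug (constructed).
func BadExp(b, e, m *big.Int) *big.Int {
	r := GoodExp(b, e, m)
	return r.Mod(r.Add(r, big.NewInt(1)), m)
}

// NewKey builds a toy key from two small Mersenne primes (constructed, insecure).
func NewKey() *Key {
	one := big.NewInt(1)
	p := big.NewInt(2147483647)          // 2^31 - 1
	q := big.NewInt(2305843009213693951) // 2^61 - 1
	e := big.NewInt(65537)
	pm1, qm1 := new(big.Int).Sub(p, one), new(big.Int).Sub(q, one)
	d := new(big.Int).ModInverse(e, new(big.Int).Mul(pm1, qm1))
	return &Key{p, q, new(big.Int).Mul(p, q), e, new(big.Int).Mod(d, pm1),
		new(big.Int).Mod(d, qm1), new(big.Int).ModInverse(q, p)}
}

// SignCRT computes m^d mod N via CRT and re-checks s^e == m before releasing s.
func SignCRT(k *Key, m *big.Int, expP, expQ ExpFunc) (*big.Int, error) {
	sp, sq := expP(m, k.Dp, k.P), expQ(m, k.Dq, k.Q)
	h := new(big.Int).Sub(sp, sq)
	h.Mod(h.Mul(h, k.Qinv), k.P)
	s := h.Add(h.Mul(h, k.Q), sq) // Garner recombination: sq + q*h
	if GoodExp(s, k.E, k.N).Cmp(m) != 0 {
		return nil, ErrFault // never hand a faulty CRT result to a peer
	}
	return s, nil
}

func main() {
	k, m := NewKey(), big.NewInt(123456789)
	_, err := SignCRT(k, m, BadExp, GoodExp)
	fmt.Println(err)
}
```

The check costs one public-exponent exponentiation per signature, which is small next to the two private-exponent halves.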
Red Hat
golang: Carry propagation in Int.Exp Montgomery code in math/big library
vendor_redhat·2015-12-21·CVSS 7.5
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
Package: golang (Red Hat Enterprise Linux 7) - Not affected
Package: golang (Red Hat Gluster Storage 3.1) - Not affected
Package: golang (Red Hat OpenShift Enterprise 3) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8618 golang: Carry propagation in Int.Exp Montgomery code in math/big library
bugzilla·2015-12-21·CVSS 7.5
A carry propagation bug was found in the Int.Exp Montgomery function in golang's math/big library, similar to CVE-2015-3193. This issue was introduced in the 1.5 release and remains present in 1.5.1 and 1.5.2.
Upstream patch:
https://go-review.googlesource.com/#/c/17672/
CVE request:
http://seclists.org/oss-sec/2015/q4/550
Discussion:
Created golang tracking bugs for this issue:
Affects: epel-6 [bug 1293449]
Affects: fedora-all [bug 1293451]
---
golang-1.5.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
---
golang-1.5.3-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note
Bugzilla
CVE-2015-8618 golang: Carry propagation in Int.Exp Montgomery code in math/big library [epel-6]
bugzilla·2015-12-21·CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for golang: s
Bugzilla
CVE-2015-8618 golang: Carry propagation in Int.Exp Montgomery code in math/big library [fedora-all]
bugzilla·2015-12-21·CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
NOTE: this issue affects multiple
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176179.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html
http://www.openwall.com/lists/oss-security/2015/12/21/6
http://www.openwall.com/lists/oss-security/2015/12/22/9
http://www.openwall.com/lists/oss-security/2016/01/13/7
https://github.com/golang/go/issues/13515
https://go-review.googlesource.com/#/c/17672/
https://groups.google.com/forum/#%21topic/golang-announce/MEATuOi_ei4