CVE-2019-11840 — Use of Insufficiently Random Values in X Crypto
Severity
5.9MEDIUMNVD
EPSS
2.1%
top 15.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 9
Latest updateJul 1
Description
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystre…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 8.0, 9.0
Patches
🔴Vulnerability Details
5📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2019-11840 golang-googlecode-go-crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter [fedora-all]↗2019-03-21
Bugzilla▶
CVE-2019-11840 source-to-image: golang-googlecode-go-crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter [fedora-all]↗2019-03-21
Bugzilla▶
CVE-2019-11840 golang-googlecode-go-crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter [epel-all]↗2019-03-21
Bugzilla▶
CVE-2019-11840 gomtree: golang-googlecode-go-crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter [fedora-all]↗2019-03-21
Bugzilla▶
CVE-2019-11840 golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter↗2019-03-21