CVE-2021-3114: Incorrect Calculation in Go

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 69.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 26
Latest update: Nov 1

Description

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (2 packages)

NVD: golang/go 1.15 1.15.7 +1
Palo Alto: paloalto/pan-os

Also affects: Debian Linux 10.0, 9.0, Fedora 33

Vulnerability Details (4)

GHSA: GHSA-gwfm-9vvh-63r3: In Go before 1 (2022-05-24)
OSV: Incorrect operations on the P-224 curve in crypto/elliptic (2022-02-17)
OSV: CVE-2021-3114: In Go before 1 (2021-01-26)
CVEList: CVE-2021-3114: In Go before 1 (2021-01-26)

Vendor Advisories (4)

Palo Alto: PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2024-11-01)
Red Hat: golang: crypto/elliptic: incorrect operations on the P-224 curve (2021-01-20)
Microsoft: In Go before 1.14.14 and 1.15.x before 1.15.7 crypto/elliptic/p224.go can generate incorrect outputs related to an underflow of the lowest limb during the final complete reduction in the P-224 field. (2021-01-12)
Debian: CVE-2021-3114: golang-1.15 - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can gener... (2021)