go: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service (CVE-2019-6486)
Go before versions 1.10.8 and 1.11.5 has a vulnerability in the
crypto/elliptic implementations of the P-521 and P-384 elliptic
curves.
A remote attacker can exploit this by crafting inputs that consume
excessive amounts of CPU. These inputs might be delivered via TLS
handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA
signatures. In some cases, if an ECDH private key is reused more than
once, the attack can also lead to key recovery.
Fixed In Version:
golang 1.10.8, golang 1.11.5
References:
https://groups.google.com/forum/m/\#!topic/golang-announce/mVeX35iXuSw
https://github.com/golang/go/issues/29903
Patch:
https://github.com/golang/go/commit/42b42f71
(from redmine: issue id 9936, created on 2019-01-29, closed on 2019-02-14)
- Relations:
- child #9937 (closed)