Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 205
    • Merge Requests 205
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #9936

Closed
Open
Opened Jan 29, 2019 by Alicha CH@alichaReporter

go: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service (CVE-2019-6486)

Go before versions 1.10.8 and 1.11.5 has a vulnerability in the
crypto/elliptic implementations of the P-521 and P-384 elliptic curves.
A remote attacker can exploit this by crafting inputs that consume
excessive amounts of CPU. These inputs might be delivered via TLS
handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA
signatures. In some cases, if an ECDH private key is reused more than
once, the attack can also lead to key recovery.

Fixed In Version:

golang 1.10.8, golang 1.11.5

References:

https://groups.google.com/forum/m/\#!topic/golang-announce/mVeX35iXuSw
https://github.com/golang/go/issues/29903

Patch:

https://github.com/golang/go/commit/42b42f71

(from redmine: issue id 9936, created on 2019-01-29, closed on 2019-02-14)

  • Relations:
    • child #9937 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
Jan 29, 2019
Due date
Jan 29, 2019
Reference: alpine/aports#9936