code.ossystems Code Review - openembedded-core.git/commit
go: fix CVE-2022-23806
author Minjae Kim <flowergom@gmail.com>
Sat, 26 Feb 2022 20:55:34 +0000 (20:55 +0000)
committer Steve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 14:00:48 +0000 (04:00 -1000)
commit eb7aa0929ecd712aeeec0ff37dfb77c3da33b375
tree c01f8bcf73ef3dfe3895f32a72ed2b142c3abcf9
parent 6c356aec8dabc08bd98da3106780896dc7b52501
go: fix CVE-2022-23806

crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.

Upstream-Status: Backport [https://go.dev/issue/50974]
CVE: CVE-2022-23806
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc
meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch [new file with mode: 0644]
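
A caller-side guard for the condition the commit message describes, as an added example that is not taken from the patch or from Go itself: it rejects coordinates outside the range 0 <= v < P before calling IsOnCurve. The helper name validPoint and the sample inputs are assumptions constructed here.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// validPoint (hypothetical helper) accepts (x, y) only if both are canonical
// field elements, 0 <= v < P, and the point satisfies the curve equation.
// The explicit range check does not rely on IsOnCurve rejecting negative or
// overflowing values, which is the behaviour CVE-2022-23806 is about.
func validPoint(curve elliptic.Curve, x, y *big.Int) bool {
	if x == nil || y == nil {
		return false
	}
	p := curve.Params().P
	for _, v := range []*big.Int{x, y} {
		if v.Sign() < 0 || v.Cmp(p) >= 0 {
			return false
		}
	}
	return curve.IsOnCurve(x, y)
}

func main() {
	c := elliptic.P256()
	p := c.Params()
	// Constructed inputs: the base point, plus values congruent to Gx
	// modulo P that are not valid coordinates.
	cases := []struct {
		name string
		x, y *big.Int
	}{
		{"base point", p.Gx, p.Gy},
		{"x overflowing (Gx + P)", new(big.Int).Add(p.Gx, p.P), p.Gy},
		{"x negative (Gx - P)", new(big.Int).Sub(p.Gx, p.P), p.Gy},
		{"not on curve (1, 1)", big.NewInt(1), big.NewInt(1)},
	}
	for _, tc := range cases {
		fmt.Printf("%-26s valid=%v\n", tc.name, validPoint(c, tc.x, tc.y))
	}
}
```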