CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Configurations

Configuration 1

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2022-02-11 01:15

Updated : 2022-11-09 09:25


NVD link : CVE-2022-23806

Mitre link : CVE-2022-23806

Products Affected
No products.
CWE
CWE-252

Unchecked Return Value