CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-11 01:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-23806

Mitre link : CVE-2022-23806

CVE.ORG link : CVE-2022-23806


JSON object : View

Products Affected

debian

  • debian_linux

netapp

  • kubernetes_monitoring_operator
  • storagegrid
  • cloud_insights_telegraf_agent
  • beegfs_csi_driver

golang

  • go
CWE
CWE-252

Unchecked Return Value