CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

20 Apr 2023, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html -

09 Nov 2022, 21:25

Type Values Removed Values Added
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202208-02 - (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory

04 Aug 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-02 -

25 Jul 2022, 18:21

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

10 May 2022, 18:03

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux

28 Apr 2022, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html -
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html -

29 Mar 2022, 16:08

Type Values Removed Values Added
First Time Netapp kubernetes Monitoring Operator
Netapp cloud Insights Telegraf Agent
Netapp
Netapp storagegrid
Netapp beegfs Csi Driver
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - Third Party Advisory
CPE cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*

25 Feb 2022, 10:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ -

17 Feb 2022, 18:23

Type Values Removed Values Added
First Time Golang go
Golang
References (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - Release Notes, Vendor Advisory
CWE CWE-252
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 9.1
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

11 Feb 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-11 01:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-23806

Mitre link : CVE-2022-23806

CVE.ORG link : CVE-2022-23806


JSON object : View

Products Affected

netapp

  • kubernetes_monitoring_operator
  • storagegrid
  • beegfs_csi_driver
  • cloud_insights_telegraf_agent

golang

  • go

debian

  • debian_linux
CWE
CWE-252

Unchecked Return Value