LIN1018-8824 : Security Advisory - go - CVE-2022-23806
Created: Feb 9, 2022
Updated: Feb 24, 2022
Resolved Date: Feb 24, 2022
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace
Description
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
https://nvd.nist.gov/vuln/detail/CVE-2022-23806
