LIN1021-2770 : Security Advisory - go - CVE-2022-23806
Created: Feb 9, 2022
Updated: May 9, 2022
Resolved Date: May 9, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.11
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
Description
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
https://nvd.nist.gov/vuln/detail/CVE-2022-23806
