CVE-2019-6486

Published January 24th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.4

MEDIUM

Affected

PROJECTS

Description

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

golang/go

The Go programming language

GitHub

135K

C2SP/wycheproof

Project Wycheproof tests crypto libraries against known attacks.

GitHub

3.06K