FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-8618

This CVE name corresponds to:

Entered Topic
2016-01-18 go -- information disclosure vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2015-8618 at cve.mitre.org

Details

Type Candidate
Name CVE-2015-8618
Phase Assigned(20151222)

Description

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

References

Source Reference
MLIST [golang-announce] 20160113 [security] Go 1.5.3 is released
MLIST [oss-security] 20151221 CVE request for math/big.Exp
MLIST [oss-security] 20151222 Re: CVE request for math/big.Exp
MLIST [oss-security] 20160113 [security] Go security release v1.5.3
CONFIRM https://github.com/golang/go/issues/13515
CONFIRM https://go-review.googlesource.com/#/c/17672/
FEDORA FEDORA-2016-2dcc094217
FEDORA FEDORA-2016-5a073cbd93
SUSE openSUSE-SU-2016:1331

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.