CVE-2019-6486 - DoS vulnerability in the crypto/elliptic implementations #1270

Closed
aaslamin opened this issue Jan 25, 2019 · 1 comment

@aaslamin
Contributor

Golang issue: golang/go#29903

A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery. This issue is CVE-2019-6486.

As a result of this, the Golang team has released Go 1.11.5 and Go 1.10.8.

I think all we need to do is release new binaries built against 1.11.5.

@aeneasr
Member

aeneasr commented Jan 28, 2019

Merged!

@aeneasr aeneasr closed this as completed Jan 28, 2019
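
An added example, not part of the issue thread or the project's code: a check that classifies a Go toolchain version string against the fixed releases named above (Go 1.10.8 and Go 1.11.5), useful for confirming that rebuilt binaries picked up the patched compiler. The function name `Status6486` is hypothetical, and the treatment of release lines other than 1.10 and 1.11 is an assumption marked in the comments.

```go
package main

import (
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// firstFixed maps a Go 1.x release line to the first patch release carrying
// the CVE-2019-6486 fix, as stated in the issue: Go 1.10.8 and Go 1.11.5.
var firstFixed = map[int]int{10: 8, 11: 5}

// Status6486 classifies a version string such as "go1.11.4" as "patched",
// "unpatched", or "unknown" (pre-release and devel builds need manual review).
func Status6486(version string) string {
	f := strings.Fields(version)
	if len(f) == 0 || !strings.HasPrefix(f[0], "go1.") {
		return "unknown" // devel builds, empty input, other major versions
	}
	parts := strings.SplitN(strings.TrimPrefix(f[0], "go1."), ".", 2)
	minor, err := strconv.Atoi(parts[0])
	if err != nil {
		return "unknown" // e.g. "go1.12beta2": pre-release, not classified
	}
	patch := 0 // "go1.11" means the initial release of that line
	if len(parts) == 2 {
		if patch, err = strconv.Atoi(parts[1]); err != nil {
			return "unknown"
		}
	}
	fixed, ok := firstFixed[minor]
	switch {
	case ok && patch >= fixed:
		return "patched"
	case ok || minor < 10:
		return "unpatched" // assumption: lines older than 1.10 got no fix release
	default:
		return "patched" // assumption: 1.12 and later were released with the fix
	}
}

func main() {
	// Constructed sample versions, plus the toolchain that built this program.
	for _, v := range []string{"go1.10.7", "go1.10.8", "go1.11.4", "go1.11.5", "go1.12beta2", runtime.Version()} {
		fmt.Printf("%-12s %s\n", v, Status6486(v))
	}
}
```

Feed it the value a service reports from `runtime.Version()` or the output of `go version` in the build environment.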