CVE-2021-3114

medium

Description

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

References

https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871

https://groups.google.com/g/golang-announce/c/mperVMGa98w

https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/

https://security.netapp.com/advisory/ntap-20210219-0001/

https://www.debian.org/security/2021/dsa-4848

Details

Source: MITRE

Published: 2021-01-26

Updated: 2021-03-22

Type: CWE-682

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Impact Score: 2.5

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 152103 | RHEL 7 / 8 : OpenShift Container Platform 4.8.2 packages and (RHSA-2021:2437) | Nessus | Red Hat Local Security Checks | high |
| 150285 | Photon OS 3.0: Go PHSA-2021-3.0-0248 | Nessus | PhotonOS Local Security Checks | medium |
| 150219 | EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1947) | Nessus | Huawei Local Security Checks | medium |
| 150208 | EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1926) | Nessus | Huawei Local Security Checks | medium |
| 150031 | CentOS 8 : go-toolset:rhel8 (CESA-2021:1746) | Nessus | CentOS Local Security Checks | medium |
| 149924 | Oracle Linux 8 : go-toolset:ol8 (ELSA-2021-1746) | Nessus | Oracle Linux Local Security Checks | medium |
| 149793 | RHEL 7 / 8 : OpenShift Container Platform 4.7.11 (RHSA-2021:1551) | Nessus | Red Hat Local Security Checks | medium |
| 149662 | RHEL 8 : go-toolset:rhel8 (RHSA-2021:1746) | Nessus | Red Hat Local Security Checks | medium |
| 149599 | EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-1901) | Nessus | Huawei Local Security Checks | medium |
| 149552 | EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1874) | Nessus | Huawei Local Security Checks | medium |
| 149258 | RHEL 8 : OpenShift Container Platform 4.7.9 packages and (RHSA-2021:1366) | Nessus | Red Hat Local Security Checks | medium |
| 149054 | Photon OS 4.0: Go PHSA-2021-4.0-0013 | Nessus | PhotonOS Local Security Checks | medium |
| 148224 | RHEL 7 : OpenShift Container Platform 4.7.4 (RHSA-2021:0958) | Nessus | Red Hat Local Security Checks | medium |
| 147800 | Debian DLA-2592-1 : golang-1.8 security update | Nessus | Debian Local Security Checks | critical |
| 147797 | Debian DLA-2591-1 : golang-1.7 security update | Nessus | Debian Local Security Checks | critical |
| 146635 | Amazon Linux 2 : golang (ALAS-2021-1609) | Nessus | Amazon Linux Local Security Checks | medium |
| 146371 | Debian DSA-4848-1 : golang-1.11 - security update | Nessus | Debian Local Security Checks | medium |
| 146281 | Fedora 33 : golang (2021-e435a8bb88) | Nessus | Fedora Local Security Checks | medium |
| 145735 | openSUSE Security Update : go1.14 (openSUSE-2021-190) | Nessus | SuSE Local Security Checks | medium |
| 145720 | openSUSE Security Update : go1.14 (openSUSE-2021-194) | Nessus | SuSE Local Security Checks | medium |
| 145710 | openSUSE Security Update : go1.15 (openSUSE-2021-192) | Nessus | SuSE Local Security Checks | medium |
| 145476 | SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2021:0222-1) | Nessus | SuSE Local Security Checks | medium |
| 145470 | SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0223-1) | Nessus | SuSE Local Security Checks | medium |
| 145095 | FreeBSD : go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve (6a4805d5-5aaf-11eb-a21d-79f5bc5ef6a9) | Nessus | FreeBSD Local Security Checks | medium |