CVE-2019-6486 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2019-6486

CVE-2019-6486

January 24, 2019

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

Related Resources (20)

https://go.googlesource.com/go/+/193c16a3648b8670a762e925b6ac6e074f468a20

https://www.debian.org/security/2019/dsa-4380

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00042.html

https://www.debian.org/security/2019/dsa-4379

https://groups.google.com/g/golang-announce/c/mVeX35iXuSw

https://people.canonical.com/~ubuntu-security/cve/CVE-2019-6486

https://lists.debian.org/debian-lts-announce/2019/02/msg00009.html

http://www.securityfocus.com/bid/106740

https://github.com/golang/go/commit/42b42f71cf8f5956c09e66230293dfb5db652360

https://security.alpinelinux.org/vuln/CVE-2019-6486

https://github.com/google/wycheproof

https://github.com/golang/go/issues/29903

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html

https://security-tracker.debian.org/tracker/CVE-2019-6486

https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw

https://go.dev/cl/159218

https://groups.google.com/forum/#%21topic/golang-announce/mVeX35iXuSw

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html

https://go.dev/issue/29903

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

6.4

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

EPSS

Base Score:

3.00

Products

Solutions

Resources

Company

Compare

Developer Tools