CVE-2022-23806 The Curve.IsOnCurve function in Go before 1.16.14 and 1.17.x can return true when a big.Int value is not a valid field element.

This could cause the software to appear vulnerable when it is not. Users should upgrade to the latest version of Go.

In the past, when building a new crypto package, the elliptic curve NIST P-256 was chosen as an example. Curve.IsOnCurve incorrectly returned true for the value b'\x00' which is not a valid element of the elliptic curve.

CVE-2018-11217 - OpenSSH before version 7.9 allows remote attackers to cause a denial of service (CPU consumption) via a series of password authentication requests, as demonstrated by constantly retrying requests that should have failed due to inactivity.

CVE-2018-10881 - OpenVPN before version 2.5.13 and 3.3.x before 3.3.21 allows remote attackers to cause a denial of service (memory consumption) via crafted malformed Extended Remote Control (XRCC) packets.

CVE-2018-11762

Summary

The OpenSSH team has released a security update for OpenSSH versions 7.9 and earlier that addresses three vulnerabilities.

Diffie-Hellman Key Exchange

The Diffie-Hellman Key Exchange (DHKE) is used to establish a shared secret key between two parties. One party starts with the secret key, while the other party starts with public keys that they want to use. The protocol takes four rounds of negotiations before it is established.

What is Go?

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. It was created by Google in 2009.
