Vulnerability Details : CVE-2022-28327

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
Publish Date : 2022-04-20 Last Update Date : 2023-02-14

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	CWE id is not defined for this vulnerability

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate)	oval:com.redhat.rhsa:def:20225337		unix
RHSA-2022:5799: go-toolset and golang security and bug fix update (Important)	oval:com.redhat.rhsa:def:20225799		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2022-28327

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Fedoraproject	Extra Packages For Enterprise Linux	7.0	*	*	*	Version Details Vulnerabilities
2	Application	Fedoraproject	Extra Packages For Enterprise Linux	8.0	*	*	*	Version Details Vulnerabilities
3	OS	Fedoraproject	Fedora	34	*	*	*	Version Details Vulnerabilities
4	OS	Fedoraproject	Fedora	35	*	*	*	Version Details Vulnerabilities
5	OS	Fedoraproject	Fedora	36	*	*	*	Version Details Vulnerabilities
6	Application	Golang	GO	*	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Fedoraproject	Extra Packages For Enterprise Linux	2
Fedoraproject	Fedora	3
Golang	GO	1

- References For CVE-2022-28327

https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf

https://lists.fedoraproject.org/archives/list/[email protected]/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/
FEDORA FEDORA-2022-a49babed75

https://groups.google.com/g/golang-announce

https://security.netapp.com/advisory/ntap-20220915-0010/ CONFIRM

https://lists.fedoraproject.org/archives/list/[email protected]/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
FEDORA FEDORA-2022-ba365d3703

https://lists.fedoraproject.org/archives/list/[email protected]/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/
FEDORA FEDORA-2022-c0f780ecf1

https://lists.fedoraproject.org/archives/list/[email protected]/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/
FEDORA FEDORA-2022-e46e6e8317

https://lists.fedoraproject.org/archives/list/[email protected]/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
FEDORA FEDORA-2022-30c5ed5625

https://lists.fedoraproject.org/archives/list/[email protected]/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/
FEDORA FEDORA-2022-53f0c619c5

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
FEDORA FEDORA-2022-fae3ecee19

https://security.gentoo.org/glsa/202208-02
GENTOO GLSA-202208-02

https://groups.google.com/g/golang-announce/c/oecdBNLOml8 CONFIRM

- Metasploit Modules Related To CVE-2022-28327

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)