Vulnerability Details : CVE-2019-11840
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.
Products affected by CVE-2019-11840
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11840
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11840
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2019-11840
-
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11840
-
https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
[SECURITY] [DLA 2442-1] obfs4proxy security updateMailing List;Third Party Advisory
-
https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
[security] Vulnerability in golang.org/x/crypto/salsa20 - Google GroepenMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
[SECURITY] [DLA 3455-1] golang-go.crypto security update
-
https://github.com/golang/go/issues/30965
x/crypto/salsa20: keystream loop in amd64 implementation after 256GiB · Issue #30965 · golang/go · GitHubThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
[SECURITY] [DLA 2402-1] golang-go.crypto security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
[SECURITY] [DLA 2454-1] rclone security updateMailing List;Third Party Advisory
-
https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
b7391e95e576cacdcdd422573063bc057239113d - crypto - Git at GoogleMailing List;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1691529
1691529 – (CVE-2019-11840) CVE-2019-11840 golang-googlecode-go-crypto: Keystream loop in amd64 assembly when overflowing 32-bit counterIssue Tracking;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
[SECURITY] [DLA 2527-1] snapd security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
[SECURITY] [DLA 1840-1] golang-go.crypto security updateMailing List;Third Party Advisory
Jump to