data/osv/GO-2021-0160.json - vulndb - Git at Google

 {
   "id": "GO-2021-0160",
   "published": "2022-01-05T15:31:16Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
     "CVE-2015-8618"
   ],
   "details": "Int.Exp Montgomery mishandled carry propagation and produced an incorrect\noutput, which makes it easier for attackers to obtain private RSA keys via\nunspecified vectors.\n\nThis issue can affect RSA computations in crypto/rsa, which is used by\ncrypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA\nprivate key due to this issue. Other protocol implementations that create\nmany RSA signatures could also be impacted in the same way.\n\nSpecifically, incorrect results in one part of the RSA Chinese Remainder\ncomputation can cause the result to be incorrect in such a way that it leaks\none of the primes. While RSA blinding should prevent an attacker from crafting\nspecific inputs that trigger the bug, on 32-bit systems the bug can be expected\nto occur at random around one in 2^26 times. Thus collecting around 64 million\nsignatures (of known data) from an affected server should be enough to extract\nthe private key used.\n\nNote that on 64-bit systems, the frequency of the bug is so low\n(less than one in 2^50) that it would be very difficult to exploit.\n",
   "affected": [
     {
       "package": {
         "name": "stdlib",
         "ecosystem": "Go"
       },
       "ranges": [
         {
           "type": "SEMVER",
           "events": [
             {
               "introduced": "1.5.0"
             },
             {
               "fixed": "1.5.3"
             }
           ]
         }
       ],
       "database_specific": {
         "url": "https://pkg.go.dev/vuln/GO-2021-0160"
       },
       "ecosystem_specific": {
         "imports": [
           {
             "path": "math/big",
             "symbols": [
               "nat.expNNMontgomery",
               "nat.montgomery"
             ]
           }
         ]
       }
     }
   ],
   "references": [
     {
       "type": "FIX",
       "url": "https://go.dev/cl/18491"
     },
     {
       "type": "FIX",
       "url": "https://go.googlesource.com/go/+/1e066cad1ba23f4064545355b8737e4762dd6838"
     },
     {
       "type": "FIX",
       "url": "https://go.googlesource.com/go/+/4306352182bf94f86f0cfc6a8b0ed461cbf1d82c"
     },
     {
       "type": "FIX",
       "url": "https://go.dev/cl/17672"
     },
     {
       "type": "REPORT",
       "url": "https://go.dev/issue/13515"
     },
     {
       "type": "WEB",
       "url": "https://groups.google.com/g/golang-announce/c/MEATuOi_ei4"
     }
   ]
 }
	{
	"id": "GO-2021-0160",
	"published": "2022-01-05T15:31:16Z",
	"modified": "0001-01-01T00:00:00Z",
	"aliases": [
	"CVE-2015-8618"
	],
	"details": "Int.Exp Montgomery mishandled carry propagation and produced an incorrect\noutput, which makes it easier for attackers to obtain private RSA keys via\nunspecified vectors.\n\nThis issue can affect RSA computations in crypto/rsa, which is used by\ncrypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA\nprivate key due to this issue. Other protocol implementations that create\nmany RSA signatures could also be impacted in the same way.\n\nSpecifically, incorrect results in one part of the RSA Chinese Remainder\ncomputation can cause the result to be incorrect in such a way that it leaks\none of the primes. While RSA blinding should prevent an attacker from crafting\nspecific inputs that trigger the bug, on 32-bit systems the bug can be expected\nto occur at random around one in 2^26 times. Thus collecting around 64 million\nsignatures (of known data) from an affected server should be enough to extract\nthe private key used.\n\nNote that on 64-bit systems, the frequency of the bug is so low\n(less than one in 2^50) that it would be very difficult to exploit.\n",
	"affected": [
	{
	"package": {
	"name": "stdlib",
	"ecosystem": "Go"
	},
	"ranges": [
	{
	"type": "SEMVER",
	"events": [
	{
	"introduced": "1.5.0"
	},
	{
	"fixed": "1.5.3"
	}
	]
	}
	],
	"database_specific": {
	"url": "https://pkg.go.dev/vuln/GO-2021-0160"
	},
	"ecosystem_specific": {
	"imports": [
	{
	"path": "math/big",
	"symbols": [
	"nat.expNNMontgomery",
	"nat.montgomery"
	]
	}
	]
	}
	}
	],
	"references": [
	{
	"type": "FIX",
	"url": "https://go.dev/cl/18491"
	},
	{
	"type": "FIX",
	"url": "https://go.googlesource.com/go/+/1e066cad1ba23f4064545355b8737e4762dd6838"
	},
	{
	"type": "FIX",
	"url": "https://go.googlesource.com/go/+/4306352182bf94f86f0cfc6a8b0ed461cbf1d82c"
	},
	{
	"type": "FIX",
	"url": "https://go.dev/cl/17672"
	},
	{
	"type": "REPORT",
	"url": "https://go.dev/issue/13515"
	},
	{
	"type": "WEB",
	"url": "https://groups.google.com/g/golang-announce/c/MEATuOi_ei4"
	}
	]
	}