CVE-2022-23806 - Unchecked Return Value vulnerability in multiple products

CVSS 9.1 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, golang, netapp, debian, CWE-252, critical

Summary

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Vulnerable Configurations

Part         Description  Count
Application  Golang       221
Application  Netapp       4
OS           Debian       1

Common Weakness Enumeration (CWE)