VDB
CVE-2015-8618
CVE-2015-8618
PUBLISHED
CVSS 5 MEDIUM
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
EPSS 0.74% · 73.2th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.74%
73.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| opensuse | leap | 42.1 |
| golang | go | 1.5.1, 1.5, 1.5.2 |
Exploit Intelligence
- FEDORA-2016-5a073cbd93 (circl)
- [oss-security] 20160113 [security] Go security release v1.5.3 (circl)
- https://go-review.googlesource.com/#/c/17672/ (circl)
- [golang-announce] 20160113 [security] Go 1.5.3 is released (circl)
- https://github.com/golang/go/issues/13515 (circl)
- openSUSE-SU-2016:1331 (circl)
- [oss-security] 20151222 Re: CVE request for math/big.Exp (circl)
- [oss-security] 20151221 CVE request for math/big.Exp (circl)
- FEDORA-2016-2dcc094217 (circl)
Timeline
- Jan 27, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- FEDORA-2016-5a073cbd93 vendor-advisory
- [oss-security] 20160113 [security] Go security release v1.5.3 mailing-list
- https://go-review.googlesource.com/#/c/17672/ url
- [golang-announce] 20160113 [security] Go 1.5.3 is released mailing-list
- https://github.com/golang/go/issues/13515 url
- openSUSE-SU-2016:1331 vendor-advisory
- [oss-security] 20151222 Re: CVE request for math/big.Exp mailing-list
- [oss-security] 20151221 CVE request for math/big.Exp mailing-list
- FEDORA-2016-2dcc094217 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-8618 advisory
- https://go-review.googlesource.com/#/c/17672 url
- https://groups.google.com/forum/#!topic/golang-announce/MEATuOi_ei4 url