VDB
CVE-2025-22866
CVE-2025-22866
PUBLISHED
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
EPSS 0.02% · 6.5th percentile
Risk Scores
EPSS Score
0.02%
6.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 0, 1.23.0-0, 1.24.0-0 |
| Bitnami | golang | 0, 1.23.0-0, 1.24.0-0 |
Timeline
- Feb 4, 2025 CVE Published
- Feb 6, 2025 Coalition ESS Score
- Feb 7, 2025 EPSS Score
- Feb 10, 2025 Coalition ESS Score
- Feb 11, 2025 Coalition ESS Score
- Feb 22, 2025 EPSS Score
- Feb 22, 2025 Coalition ESS Score
- Mar 8, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 21, 2025 EPSS Score
- May 6, 2025 EPSS Score
References
- https://go.dev/cl/643735 url
- https://go.dev/issue/71383 url
- https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k url
- https://pkg.go.dev/vuln/GO-2025-3447 url
- https://security.netapp.com/advisory/ntap-20250221-0002/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-22866 url
- Multiples vulnérabilités dans VMware Tanzu Greenplum advisory
- Multiples vulnérabilités dans les produits IBM advisory
- Multiples vulnérabilités dans les produits Splunk advisory
- Multiples vulnérabilités dans VMware Tanzu advisory
- Multiples vulnérabilités dans les produits VMware advisory