CVE-2021-3114 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Incorrect calculation
Description	A security issue was found in Go and fixed in versions 1.15.7 and 1.14.14. The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult. The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages support P-224 ECDSA keys, but they are not supported by publicly trusted certificate authorities. No other standard library or golang.org/x/crypto package supports or uses the P-224 curve.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1481	go	2:1.15.6-1	2:1.15.7-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Jan 2021	ASA-202101-27	AVG-1481	go	Medium	multiple issues

References
https://groups.google.com/g/golang-announce/c/mperVMGa98w/m/yo5W5wnvAAAJ https://github.com/golang/go/issues/43788 https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123