Main Vulnerability Database SB2017060240

SB2017060240 - Fedora 25 update for golang

Published: June 2, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017060240

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Recovery attack (CVE-ID: CVE-2017-8932)

The vulnerability allows a remote attacker to conduct recovery attack on the target system.

The weakness exists due to a flaw in the standard library ScalarMult implementation of curve P-256 for amd64 architectures. A remote attacker can submit specially crafted points and observe failures to the derive correct output to conduct full key recovery attack against static ECDH.

Successful exploitation of the vulnerability may result in further attacks.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2017-278f46fcd6