Elliptic Curve Vulnerability in Go Versions 1.10.8 and 1.11.x

Elliptic Curve Vulnerability in Go Versions 1.10.8 and 1.11.x

CVE-2019-6486 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

Learn more about our Web Application Penetration Testing UK.