CVE-2022-23806 vulnerability in GoLang and Other Products
Published on February 11, 2022
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Products Associated with CVE-2022-23806
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-23806 are published in these products:
Exploit Probability
EPSS
0.02%
Percentile
6.25%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.