CVE-2019-11840

MEDIUM

golang.org/x/crypto <0.0.0-20190320223903 - Memory Corruption

Title source: llm
STIX 2.1

Description

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

References (11)

Core 11
Core References
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1691529
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html

Scores

CVSS v3 5.9
EPSS 0.0179
EPSS Percentile 83.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-330
Status published
Products (6)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
golang/crypto
golang/crypto < 2019-03-20
x/crypto 0 - 0.0.0-20190320223903-b7391e95e576Go
Published May 09, 2019
Tracked Since Feb 18, 2026