Open dev-mend-for-github-com[bot] opened 2 years ago
[mirror] Go supplementary cryptography libraries
Dependency Hierarchy: - :x: **github.com/golang/crypto-c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58** (Vulnerable Library)
Found in HEAD commit: 69a84c862836bec3e4be9a461b9e320cda5aeb94
Found in base branch: master
Commit b7391e95 fixes a vulnerability in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages that affects large message sizes or high counter values.
Publish Date: 2019-03-19
URL: WS-2019-0030
Base Score Metrics not available
Type: Upgrade version
Origin: https://go-review.googlesource.com/c/crypto/+/168406/
Release Date: 2019-03-19
Fix Resolution: commit b7391e95e576cacdcdd422573063bc057239113d
WS-2019-0030 - Medium Severity Vulnerability
Vulnerable Library - github.com/golang/crypto-c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58
[mirror] Go supplementary cryptography libraries
Dependency Hierarchy: - :x: **github.com/golang/crypto-c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58** (Vulnerable Library)
Found in HEAD commit: 69a84c862836bec3e4be9a461b9e320cda5aeb94
Found in base branch: master
Vulnerability Details
Commit b7391e95 fixes a vulnerability in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages that affects large message sizes or high counter values.
Publish Date: 2019-03-19
URL: WS-2019-0030
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://go-review.googlesource.com/c/crypto/+/168406/
Release Date: 2019-03-19
Fix Resolution: commit b7391e95e576cacdcdd422573063bc057239113d