ELA-600-1 golang security update

invalid cryptographic computation

2022-04-28
Package golang
Version 2:1.3.3-1+deb8u5
Related CVEs CVE-2022-23806


In the Go programming language, Curve.IsOnCurve in crypto/elliptic can incorrectly return true in situations with a big.Int value that is not a valid field element. Operating on those values may cause a panic or an invalid curve operation.
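
A caller-side range check that rejects coordinates outside [0, P) before they reach IsOnCurve, given here as an added example and not code from the Go project or from this advisory. The helper name validPoint and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// validPoint is a hypothetical helper (not part of crypto/elliptic).
// It accepts (x, y) only if both coordinates are valid field elements,
// i.e. 0 <= v < P, and the point satisfies the curve equation.
// The range check runs first, so an out-of-range big.Int never reaches
// Curve.IsOnCurve or any later curve operation.
func validPoint(curve elliptic.Curve, x, y *big.Int) bool {
	if x == nil || y == nil {
		return false
	}
	p := curve.Params().P
	if x.Sign() < 0 || y.Sign() < 0 {
		return false // negative values are not field elements
	}
	if x.Cmp(p) >= 0 || y.Cmp(p) >= 0 {
		return false // values >= P are not reduced field elements
	}
	return curve.IsOnCurve(x, y)
}

func main() {
	curve := elliptic.P256()
	params := curve.Params()

	// Constructed inputs: the P-256 base point, plus two coordinates that
	// are congruent to Gx or derived from it but lie outside [0, P).
	shifted := new(big.Int).Add(params.Gx, params.P)
	negated := new(big.Int).Neg(params.Gx)

	fmt.Println("base point accepted:", validPoint(curve, params.Gx, params.Gy))
	fmt.Println("Gx+P accepted:      ", validPoint(curve, shifted, params.Gy))
	fmt.Println("-Gx accepted:       ", validPoint(curve, negated, params.Gy))
}
```

Upgrading the package remains the fix; a check like this only keeps non-canonical coordinates received from untrusted input away from curve operations.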



For Debian 8 jessie, these problems have been fixed in version 2:1.3.3-1+deb8u5.

We recommend that you upgrade your golang packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.