ALAS2-2021-1609 --- golangID: oval:org.secpod.oval:def:1700557 | Date: (C)2021-02-22 (M)2023-11-13 |
Class: PATCH | Family: unix |
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo