ASA-2019-00030 – Go: CPU DoS vulnerability affecting P-521 and P-384 elliptic curves


Allele Security Alert

ASA-2019-00030

Identifier(s)

ASA-2019-00030, CVE-2019-6486

Title

CPU DoS vulnerability affecting P-521 and P-384 elliptic curves

Vendor(s)

The Go Authors

Product(s)

Go

Affected version(s)

Go 1.11.x before 1.11.5
Go 1.10.x before 1.10.8

Fixed version(s)

Go 1.11.5
Go 1.10.8

Proof of concept

Unknown

Description

A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.

If ECDH is used in an Ephemeral-Static protocol, the attacker can use multiple tries to recover the static private key. crypto/tls does not reuse ECDH private keys, so it is unaffected by this key-recovery attack, but certain JWT encryption modes are based on ECDH-ES and would be affected if the private key is a P-384 or P-521 key.
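The triage logic described above can be written as a small check; this is an added example, not code from the Go project or from this alert. The names `AffectedToolchain`, `Assess` and the `staticECDH` flag are hypothetical, and treating pre-release builds such as `go1.11rc1` as affected is an assumption.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// leadingInt parses the leading decimal digits of s ("11rc1" -> 11, "" -> 0).
func leadingInt(s string) int {
	end := 0
	for end < len(s) && s[end] >= '0' && s[end] <= '9' {
		end++
	}
	n, _ := strconv.Atoi(s[:end])
	return n
}

// AffectedToolchain reports whether a runtime.Version()-style string is in the
// ranges the alert lists: Go 1.10.x before 1.10.8, Go 1.11.x before 1.11.5.
// Assumption: pre-releases ("go1.11rc1") count as patch level 0, so affected.
func AffectedToolchain(v string) bool {
	if !strings.HasPrefix(v, "go1.") {
		return false // e.g. "devel ..." builds: not classifiable from the alert
	}
	parts := strings.SplitN(strings.TrimPrefix(v, "go1."), ".", 2)
	minor, patch := leadingInt(parts[0]), 0
	if len(parts) == 2 {
		patch = leadingInt(parts[1])
	}
	return (minor == 10 && patch < 8) || (minor == 11 && patch < 5)
}

// Assess combines toolchain, curve and key usage as the description does.
// staticECDH is a hypothetical flag the caller sets for private keys reused
// across exchanges (for example ECDH-ES JWT decryption keys).
func Assess(goVersion string, curve elliptic.Curve, staticECDH bool) string {
	name := curve.Params().Name
	if !AffectedToolchain(goVersion) || (name != "P-384" && name != "P-521") {
		return "not affected"
	}
	if staticECDH {
		return "CPU DoS, possible key recovery"
	}
	return "CPU DoS"
}

func main() {
	fmt.Println(runtime.Version(), Assess(runtime.Version(), elliptic.P521(), true))
}
```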

Technical details

Unknown

Credits

Julie Qiu and Filippo Valsorda

Reference(s)

[security] Go 1.11.5 and Go 1.10.8 are released
https://groups.google.com/forum/#!topic/golang-announce/mVeX35iXuSw

crypto/elliptic: CPU DoS vulnerability affecting P-521 and P-384 #29903
https://github.com/golang/go/issues/29903

[release-branch.go1.11-security] crypto/elliptic: reduce subtraction term to prevent long busy loop
https://github.com/golang/go/commit/42b42f71cf8f5956c09e66230293dfb5db652360

CVE-2019-6486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486

CVE-2019-6486
https://nvd.nist.gov/vuln/detail/CVE-2019-6486

Last modified: February 11, 2019