Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNWM1LXByOGotcGZwN84AAgqb
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.
Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa
Permalink: https://github.com/advisories/GHSA-r5c5-pr8j-pfp7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNWM1LXByOGotcGZwN84AAgqb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.0049
EPSS Percentile: 0.75861
Identifiers: GHSA-r5c5-pr8j-pfp7, CVE-2019-11840
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-11840
- https://github.com/golang/go/issues/30965
- https://bugzilla.redhat.com/show_bug.cgi?id=1691529
- https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
- https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
- https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
- https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
- https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
- https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
- https://go.dev/cl/168406
- https://go.dev/issue/30965
- https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
- https://pkg.go.dev/vuln/GO-2022-0209
- https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
- https://github.com/advisories/GHSA-r5c5-pr8j-pfp7
Blast Radius: 32.0
Affected Packages
go:golang.org/x/crypto
Dependent packages: 125,672Dependent repositories: 269,003
Downloads:
Affected Version Ranges: < 0.0.0-20190320223903-b7391e95e576
Fixed in: 0.0.0-20190320223903-b7391e95e576
All affected versions:
All unaffected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0