CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.
Configurations

Configuration 1 (hide)

cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

14 May 2024, 05:37

Type Values Removed Values Added
References
  • () https://pkg.go.dev/vuln/GO-2022-0209 -
Summary (en) An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. (en) An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

17 Jun 2023, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html -

07 Oct 2022, 14:39

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html - Mailing List, Third Party Advisory

Information

Published : 2019-05-09 16:29

Updated : 2024-05-14 05:37


NVD link : CVE-2019-11840

Mitre link : CVE-2019-11840

CVE.ORG link : CVE-2019-11840


JSON object : View

Products Affected

golang

  • crypto

debian

  • debian_linux
CWE
CWE-330

Use of Insufficiently Random Values