CVE-2019-11840
5.9 MEDIUMAn issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576
Published: 2019-05-09 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 5.9 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-330
Affected products
| Vendor | Product |
|---|---|
| debian | crypto, debian_linux |
| golang | crypto, debian_linux |
Description
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2019-11840
- [Vendor advisory]https://bugzilla.redhat.com/show_bug.cgi?id=1691529
- [Other]https://github.com/golang/go/issues/30965
- [Patch]https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
- [Other]https://groups.google.com/forum/#%21msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
- [Other]https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
- [Other]https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
- [Other]https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
- [Other]https://pkg.go.dev/vuln/GO-2022-0209
- [Vendor advisory]https://bugzilla.redhat.com/show_bug.cgi?id=1691529
- [Other]https://github.com/golang/go/issues/30965
- [Patch]https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
- [Other]https://groups.google.com/forum/#%21msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
- [Other]https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
- [Other]https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
- [Other]https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
- [Other]https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
- [Other]https://pkg.go.dev/vuln/GO-2022-0209
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-42506 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-42502 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-39821 — The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
- CVE-2026-27136 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
Same CWE
- CVE-2026-50009 — Netty is a network application framework for development of protocol servers and clients (4.8 MEDIUM)
- CVE-2026-45673 — Netty is a network application framework for development of protocol servers and clients (6.8 MEDIUM)
- CVE-2026-41701 — Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter (4.4 MEDIUM)
- CVE-2026-41838 — IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in co... (4.8 MEDIUM)
- CVE-2026-41207 — The netty incubator codec.bhttp is a java language binary http parser (5.3 MEDIUM)