QSearchQSearch

CVE-2021-3114

6.5 MEDIUM

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the low...

Published: 2021-01-26 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE
CWE-682

Affected products

VendorProduct
debiancloud_insights_telegraf_agent, debian_linux, fedora
fedoraprojectcloud_insights_telegraf_agent, debian_linux, fedora
golangcloud_insights_telegraf_agent, debian_linux, fedora
netappcloud_insights_telegraf_agent, debian_linux, fedora

Description

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
  • CVE-2026-42506 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
  • CVE-2026-42502 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
  • CVE-2026-39821 The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
  • CVE-2026-27136 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)

Same CWE

  • CVE-2026-44074 Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error cond... (3.7 LOW)
  • CVE-2026-7836 An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remo... (3.1 LOW)
  • CVE-2023-7346 Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin ... (4.0 MEDIUM)
  • CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for ke... (5.0 MEDIUM)
  • CVE-2021-41122 Vyper is a Pythonic Smart Contract Language for the EVM (4.3 MEDIUM)