CVE-2017-8932

medium

Published 2017-07-06 · Modified 2024-05-20

CVSS v3

5.9

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.3

VIR risk

5.9

Description

Incorrect computation for P-256 curves in crypto/elliptic

Exploit likelihood

69%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://go-review.googlesource.com/c/41070/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html

OS	Version	Status	Fixed in
suse	42.2	affected
fedora	25	affected

Ecosystem	Package	Vulnerable	Fixed
Go	stdlib	`>=1.8.0-0,<1.8.2`	`1.7.6`

Vendor	Product	Versions
golang	go	`{"endIncluding":"1.7.5"}`
golang	go	`1.8`
golang	go	`1.8.1`
novell	suse_package_hub_for_suse_linux_enterprise	`12`

CWE-682

Verify integrity in audit chain (admin only). AS-IS.