CVE-2025-22866 – stdlib

Package

Manager: go
Name: stdlib
Vulnerable Version: >=0 <1.22.12

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00012 pctl0.01195

Details

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

Metadata

Created: 2025-02-06T16:38:14Z
Modified: 2025-02-08T08:11:54.994992Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F115
Auto approve: 1