CVE-2025-22866

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22866

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22866.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22866

Aliases

Related

Published

2025-02-06T17:15:21Z

Modified

2025-02-21T20:04:24.353428Z

Summary

[none]

Details

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

References

Affected packages

Debian:11 / golang-1.15

Package

Name: golang-1.15
Purl: pkg:deb/debian/golang-1.15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.9-6

1.15.15-1~deb11u1

1.15.15-1~deb11u2

1.15.15-1~deb11u3

1.15.15-1~deb11u4

1.15.15-1

1.15.15-2

1.15.15-3

1.15.15-4

1.15.15-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-1.19

Package

Name: golang-1.19
Purl: pkg:deb/debian/golang-1.19?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.19.8-2

1.19.9-1

1.19.10-1

1.19.10-2

1.19.11-1

1.19.12-1

1.19.12-2~bpo11+1

1.19.12-2~bpo12+1

1.19.12-2

1.19.13-1~bpo11+1

1.19.13-1~bpo12+1

1.19.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-1.22

Package

Name: golang-1.22
Purl: pkg:deb/debian/golang-1.22?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22.12-1

Affected versions

1.*

1.22~rc1-1

1.22~rc1-2~bpo12+1

1.22~rc1-2

1.22~rc2-1

1.22.0-1~bpo12+1

1.22.0-1

1.22.0-2~bpo12+1

1.22.0-2

1.22.1-1~bpo12+1

1.22.1-1

1.22.2-1

1.22.2-2

1.22.3-1

1.22.4-1

1.22.5-1

1.22.6-1

1.22.7-1~bpo12+1

1.22.7-1

1.22.8-1

1.22.9-1

1.22.9-2~bpo12+1

1.22.9-2

1.22.10-1

1.22.11-1~bpo12+1

1.22.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-1.23

Package

Name: golang-1.23
Purl: pkg:deb/debian/golang-1.23?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.23.6-1

Affected versions

1.*

1.23~rc1-1

1.23~rc2-1

1.23~rc2-2

1.23.0-1

1.23.1-1

1.23.1-2

1.23.1-3

1.23.2-1

1.23.3-1

1.23.3-2~bpo12+1

1.23.3-2

1.23.4-1

1.23.4-2

1.23.5-1~bpo12+1

1.23.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-1.24

Package

Name: golang-1.24
Purl: pkg:deb/debian/golang-1.24?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24~rc3-1

Affected versions

1.*

1.24~rc1-1

1.24~rc2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}