Search for vulnerabilities
Vulnerability details: VCID-xy23-uwrw-aaad
Vulnerability ID VCID-xy23-uwrw-aaad
Aliases CVE-2022-28327
Summary The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5006
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5068
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5337
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5415
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5729
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5840
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5875
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6094
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6155
rhas Important https://access.redhat.com/errata/RHSA-2022:6156
rhas Important https://access.redhat.com/errata/RHSA-2022:6187
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28327.json
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00239 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-28327
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2077689
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://groups.google.com/g/golang-announce
generic_textual MODERATE https://groups.google.com/g/golang-announce
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-28327
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28327
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28327
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28327.json
https://api.first.org/data/v1/epss?cve=CVE-2022-28327
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://security.gentoo.org/glsa/202208-02
https://security.netapp.com/advisory/ntap-20220915-0010/
2077689 https://bugzilla.redhat.com/show_bug.cgi?id=2077689
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-28327 https://nvd.nist.gov/vuln/detail/CVE-2022-28327
RHSA-2022:5006 https://access.redhat.com/errata/RHSA-2022:5006
RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5337 https://access.redhat.com/errata/RHSA-2022:5337
RHSA-2022:5415 https://access.redhat.com/errata/RHSA-2022:5415
RHSA-2022:5729 https://access.redhat.com/errata/RHSA-2022:5729
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5840 https://access.redhat.com/errata/RHSA-2022:5840
RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6094 https://access.redhat.com/errata/RHSA-2022:6094
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6155 https://access.redhat.com/errata/RHSA-2022:6155
RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187
RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277
RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290
RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3664 https://access.redhat.com/errata/RHSA-2023:3664
RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28327.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/g/golang-announce
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-28327
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-28327
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-28327
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.19457
EPSS Score 0.00061
Published At May 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.