
CVE-2019-11840: golang.org/x/crypto/salsa20/salsa uses insufficiently random values

CVSS Score: 5.9 (CVSS v3.1)

Basic Information

EPSS Score: 0.8405%
Published: 5/24/2022
Updated: 9/29/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name: golang.org/x/crypto
Ecosystem: go
Vulnerable Versions: < 0.0.0-20190320223903-b7391e95e576
First Patched Version: 0.0.0-20190320223903-b7391e95e576

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from the amd64-specific assembly implementation of Salsa20's XORKeyStream() function. The CVE description explicitly mentions the amd64 implementation's failure when counters exceed 32 bits. The commit b7391e95 shows modifications to the salsa20_amd64.s assembly file to fix counter handling. The GitHub issue #30965 confirms this affects the XORKeyStream implementation in the amd64 assembly code. The vulnerability manifests specifically in the low-level counter management logic that wasn't properly handling 64-bit values, leading to keystream repetition.
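The counter defect described above, modelled as an added Go example that is not the package's own code: `advance64` and `advance32Only` are hypothetical helpers that simulate a full 64-bit block-counter increment against one that only touches the low 32 bits, and `classify` shows the two phases of the failure (incorrect output, then repeated keystream) without generating more than 2^32 keystream blocks.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Block input layout of golang.org/x/crypto/salsa20/salsa: bytes 0..7 hold the
// nonce, bytes 8..15 the little-endian 64-bit block counter. The helpers below
// are a hypothetical model of how that counter advances, not the package's code.
// advance64 moves the counter forward by n blocks with full 64-bit arithmetic,
// as the generic Go implementation and the patched assembly do.
func advance64(counter [16]byte, n uint64) [16]byte {
	c := binary.LittleEndian.Uint64(counter[8:])
	binary.LittleEndian.PutUint64(counter[8:], c+n)
	return counter
}

// advance32Only models the defect: the block index is added to the low 32 bits
// only, so the carry never reaches bytes 12..15 and the value wraps at 2^32.
func advance32Only(counter [16]byte, n uint64) [16]byte {
	lo := binary.LittleEndian.Uint32(counter[8:12])
	binary.LittleEndian.PutUint32(counter[8:12], lo+uint32(n))
	return counter
}

// classify reports what the defective model emits for block n of a stream that
// started at counter: "correct", "incorrect" (a block the correct stream never
// produced) or "repeated" (a block already emitted earlier in this stream, i.e.
// the keystream reuse in the advisory). Start values near 2^64 are not modelled.
func classify(counter [16]byte, n uint64) string {
	start := binary.LittleEndian.Uint64(counter[8:])
	want := advance64(counter, n)
	got := advance32Only(counter, n)
	if got == want {
		return "correct"
	}
	v := binary.LittleEndian.Uint64(got[8:])
	if v >= start && v < start+n {
		return "repeated"
	}
	return "incorrect"
}

func main() {
	var ctr [16]byte // constructed input: zero nonce, block counter starting at 5
	binary.LittleEndian.PutUint64(ctr[8:], 5)
	for _, n := range []uint64{1 << 20, 1<<32 - 5, 1 << 32} {
		fmt.Printf("block %d of the stream: %s\n", n, classify(ctr, n))
	}
}
```

With the counter starting at 5, block 2^32-5 is emitted with a wrong counter value and block 2^32 reuses the very first keystream block, which is the keystream repetition the advisory warns about.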


WAF Protection Rules

WAF Rule

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than
