CVE-2019-11840: golang.org/x/crypto/salsa20/salsa uses insufficiently random values
CVSS Score: 5.9 (CVSS 3.1)
Basic Information
CVE ID: CVE-2019-11840
GHSA ID:
EPSS Score: 0.8405%
CWE:
Published: 5/24/2022
Updated: 9/29/2023
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| golang.org/x/crypto | go | < 0.0.0-20190320223903-b7391e95e576 | 0.0.0-20190320223903-b7391e95e576 |
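The version boundary above is a Go pseudo-version, so "less than" means an earlier commit timestamp, not semver order. The following Go program is an added example (not part of this advisory and not tooling from the golang.org/x/crypto project) that reads the golang.org/x/crypto requirement out of go.mod contents and compares the embedded timestamp against the first patched version. The go.mod text, the hash 0123456789ab and the function names xCryptoVersion and xCryptoVulnerable are constructed for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// fixTimestamp is the commit timestamp embedded in the first patched
// pseudo-version from the table above, v0.0.0-20190320223903-b7391e95e576.
const fixTimestamp = "20190320223903"

// pseudoVersionRE extracts the 14-digit UTC timestamp from a Go pseudo-version
// such as v0.0.0-yyyymmddhhmmss-abcdefabcdef.
var pseudoVersionRE = regexp.MustCompile(`-(\d{14})-[0-9a-f]{12}$`)

// xCryptoVersion returns the golang.org/x/crypto version required by the
// given go.mod contents, handling both the one-line and block require forms.
func xCryptoVersion(goMod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) >= 3 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) >= 2 && f[0] == "golang.org/x/crypto" {
			return f[1], true
		}
	}
	return "", false
}

// xCryptoVulnerable reports whether the version predates the fix. Pseudo-versions
// are ordered by their embedded timestamp; any tagged release (v0.1.0 and later)
// was cut years after the March 2019 fix and is treated as patched.
func xCryptoVulnerable(version string) (bool, error) {
	v := strings.TrimSpace(version)
	if !strings.HasPrefix(v, "v") {
		return false, fmt.Errorf("not a Go module version: %q", v)
	}
	if m := pseudoVersionRE.FindStringSubmatch(v); m != nil {
		return m[1] < fixTimestamp, nil
	}
	return false, nil
}

func main() {
	// Constructed go.mod with a hypothetical pre-fix pseudo-version (the hash
	// is a placeholder, not a real golang.org/x/crypto commit).
	const goMod = "module example.com/app\n\ngo 1.12\n\nrequire (\n\tgolang.org/x/crypto v0.0.0-20190101120000-0123456789ab\n)\n"
	v, ok := xCryptoVersion(goMod)
	if !ok {
		fmt.Println("golang.org/x/crypto not required")
		return
	}
	vuln, err := xCryptoVulnerable(v)
	fmt.Println(v, "vulnerable:", vuln, "err:", err)
}
```

This only inspects the main module's go.mod; replace directives and minimal version selection across dependencies can change the version actually built, so `go list -m golang.org/x/crypto` (or govulncheck) is the authoritative check.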
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The flaw is in the amd64 assembly implementation of XORKeyStream in golang.org/x/crypto/salsa20/salsa (salsa20_amd64.s), which the higher-level golang.org/x/crypto/salsa20 package also uses. Salsa20 takes a 64-bit block counter (the last 8 bytes of the 16-byte nonce-and-counter input), but the assembly carried the counter as a 32-bit value. After 2^32 blocks of 64 bytes, that is, 256 GiB of keystream under one key and nonce, the counter wraps: per the CVE description the implementation first produces incorrect output and then cycles back to previously generated keystream. Repeated keystream bytes break confidentiality (XORing two ciphertext blocks encrypted with the same keystream reveals the XOR of the plaintexts) and make the output predictable when the cipher is used as a CSPRNG, which is why the advisory title speaks of "insufficiently random values". The fix, commit b7391e95 (GitHub issue #30965), changes salsa20_amd64.s so the counter is handled as a full 64-bit value; only the amd64 assembly path was affected. Reaching the flaw requires generating more than 256 GiB of keystream under a single key/nonce pair, so short-lived keys and per-message nonces are not exposed in practice.