- Description
- Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
- Source
- security@golang.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4
- Impact score
- 1.4
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
🚨 Lambda Watchdog detected a new UNKNOWN severity CVE 🚨 CVE-2025-22866 was detected in the latest AWS Lambda image scan affecting the stdlib package in 23 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
@LambdaWatchdog
7 Feb 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22866 Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc… https://t.co/myEnGsS6TI
@CVEnew
6 Feb 2025
247 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🥳 Go 1.23.6 and 1.22.12 are released! 🔐 Security: Includes a security fix for crypto/elliptic (CVE-2025-22866). 🔈 Announcement: https://t.co/Ls2ISr7KPY 🗃 Download: https://t.co/9SXuBzla6A #golang https://t.co/K85KjqitV2
@golang
4 Feb 2025
17992 Impressions
113 Retweets
434 Likes
15 Bookmarks
6 Replies
5 Quotes