CVE-2019-17596

March 14, 2021

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Summary:

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Reference Links(if available):

  • https://github.com/golang/go/issues/34960
  • https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
  • https://www.debian.org/security/2019/dsa-4551
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

    April 26, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 26, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 26, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 26, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 26, 2024