CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2019.1.0:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2019.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2019.1.2:*:*:*:*:*:*:*
cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/', 'name': 'FEDORA-2019-34e097c66c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/', 'name': 'FEDORA-2019-4593120208', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/ -

Information

Published : 2019-10-24 22:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-17596

Mitre link : CVE-2019-17596

CVE.ORG link : CVE-2019-17596


JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux
  • developer_tools

arista

  • cloudvision_portal
  • eos
  • mos
  • terminattr

golang

  • go

opensuse

  • leap

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-436

Interpretation Conflict