Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-10-24 22:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-17596
Mitre link : CVE-2019-17596
CVE.ORG link : CVE-2019-17596
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux
- developer_tools
arista
- cloudvision_portal
- eos
- mos
- terminattr
golang
- go
opensuse
- leap
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-436
Interpretation Conflict