Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-17596

Опубликовано: 24 окт. 2019
Источник: debian
EPSS Низкий

Описание

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.13fixed1.13.3-1package
golang-1.12fixed1.12.12-1package
golang-1.11removedpackage
golang-1.8removedpackage
golang-1.7removedpackage
golangremovedpackage
golangignoredjessiepackage

Примечания

  • https://golang.org/issue/34960

  • https://github.com/golang/go/issues/34962 (1.13 backport)

  • https://github.com/golang/go/issues/34961 (1.12 backport)

  • https://groups.google.com/forum/#!msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ

EPSS

Процентиль: 88%
0.04061
Низкий

Связанные уязвимости

CVSS3: 7.5
ubuntu
почти 6 лет назад

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVSS3: 7.5
redhat
почти 6 лет назад

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVSS3: 7.5
nvd
почти 6 лет назад

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVSS3: 7.5
msrc
11 месяцев назад

Описание отсутствует

github
около 3 лет назад

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

EPSS

Процентиль: 88%
0.04061
Низкий