Описание
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- MitigationThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- MitigationThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.9 Medium
CVSS3
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Уязвимость пакета crypto/x509 языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.9 Medium
CVSS3
7.5 High
CVSS3
7.8 High
CVSS2