Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-3959

Опубликовано: 05 апр. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 4.3
EPSS Низкий

Описание

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

A denial of service vulnerability was found in Go's verification of DSA public keys. An attacker could provide a crafted key to HTTPS client or SSH server libraries which would cause the application to enter an infinite loop.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3golangWill not fix
Red Hat Enterprise Linux 7golangFixedRHSA-2016:153802.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1324343golang: infinite loop in several big integer routines

EPSS

Процентиль: 85%
0.0247
Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-3959

CVSS3: 7.5
ubuntu
больше 9 лет назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

nvd логотип

CVE-2016-3959

CVSS3: 7.5
nvd
больше 9 лет назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

msrc логотип

CVE-2016-3959

msrc
5 месяцев назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

debian логотип

CVE-2016-3959

CVSS3: 7.5
debian
больше 9 лет назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...

github логотип

GHSA-w7w7-9368-hffm

CVSS3: 7.5
github
больше 3 лет назад

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

EPSS

Процентиль: 85%
0.0247
Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2