Описание
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | golang | Out of support scope | ||
| Red Hat Ceph Storage 3 | golang | Affected | ||
| Red Hat Ceph Storage 3 | grafana | Not affected | ||
| Red Hat Enterprise Linux 7 | golang | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.9 | atomic-openshift | Out of support scope | ||
| Red Hat Storage 3 | golang | Affected | ||
| Red Hat Storage 3 | grafana | Not affected | ||
| Red Hat Storage 3 | heketi | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
7.5 High
CVSS3