CVE-2019-17596

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17596
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17596.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17596
Aliases
Related
Published
2019-10-24T22:15:10Z
Modified
2024-10-12T04:36:14.369677Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type
GIT
Repo
https://github.com/golang/go
Events

Affected versions

go1.*

go1.12
go1.12.1
go1.12.10
go1.12.2
go1.12.3
go1.12.4
go1.12.5
go1.12.6
go1.12.7
go1.12.8
go1.12.9