Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "golang-1.13-go-dbgsym": "1.13.3-1ubuntu1", "golang-1.13-go": "1.13.3-1ubuntu1", "golang-1.13-doc": "1.13.3-1ubuntu1", "golang-1.13-src": "1.13.3-1ubuntu1", "golang-1.13": "1.13.3-1ubuntu1" } ] }