Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "golang-1.13-go-dbgsym": "1.13.7-1ubuntu1", "golang-1.13-go": "1.13.7-1ubuntu1", "golang-1.13-doc": "1.13.7-1ubuntu1", "golang-1.13-src": "1.13.7-1ubuntu1", "golang-1.13": "1.13.7-1ubuntu1" } ] }