TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2019-17596

HIGH
7.5

Beschreibung

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVE Details

CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/24/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

arista:cloudvision_portalarista:eosarista:mosarista:terminattrdebian:debian_linuxfedoraproject:fedoragolang:goopensuse:leapredhat:developer_toolsredhat:enterprise_linuxredhat:enterprise_linux_server

Schwachen (CWE)

CWE-436

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0101(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0329(cve@mitre.org)
https://github.com/golang/go/issues/34960(cve@mitre.org)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20191122-0005/(cve@mitre.org)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4551(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0101(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0329(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/golang/go/issues/34960(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20191122-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4551(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.