TROYANOSYVIRUS
Back to CVEs

CVE-2019-17596

HIGH
7.5

Description

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVE Details

CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/24/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

arista:cloudvision_portalarista:eosarista:mosarista:terminattrdebian:debian_linuxfedoraproject:fedoragolang:goopensuse:leapredhat:developer_toolsredhat:enterprise_linuxredhat:enterprise_linux_server

Weaknesses (CWE)

CWE-436

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0101(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0329(cve@mitre.org)
https://github.com/golang/go/issues/34960(cve@mitre.org)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20191122-0005/(cve@mitre.org)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4551(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0101(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0329(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/golang/go/issues/34960(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20191122-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4551(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.