9 matches found
Moderate: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...
Rocky Linux 9 : go-toolset and golang (RLSA-2023:5738)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5738 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RS...
Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-5738)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5738 advisory. - Update to go 1.19.13 CVE-2023-44487 CVE-2023-39325 CVE-2023-29409 go-toolset Tenable has extracted the preceding description block directly from the...
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...
Important: docker
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Golang < 1.19.12 / 1.20.x < 1.20.7 DoS
The version of Golang Go installed on the remote host is affected by denial of service vulnerability. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is...
Allocation of Resources Without Limits or Throttling
Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the crypto/tls process. An attacker can cause excessive CPU consumption by presenting...
CVE-2004-2531
X.509 Certificate Signature Verification in Gnu transport layer security library GnuTLS 1.0.16 allows remote attackers to cause a denial of service CPU consumption via certificates containing long chains and signed with large RSA keys...