11 matches found
crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation
A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...
golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate...
golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate...
Improper Certificate Validation
Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report:When verifying a certificate chain which contains a certificate containing multiple email address constraints whic...
Linux Distros Unpatched Vulnerability : CVE-2018-16875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
The vulnerability of the Go programming language’s crypto/x509 package, which allows a hacker to trigger a service failure
The vulnerability of the Go programming language’s crypto/x509 package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Go: Multiple vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...
openSUSE: Security Advisory for go1.11 (openSUSE-SU-2018:4181-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for go1.11 (important)
This new package for go1.11 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...
Amazon Linux AMI : golang (ALAS-2018-1130)
In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...