Lucene search
+L

11 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 11:48 a.m.6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.1AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/09 11:0 a.m.4 views

golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate...

6.5CVSS6.1AI score0.00274EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/08 1:25 p.m.2 views

golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate...

6.5CVSS6.8AI score0.00274EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/06 9:3 p.m.2 views

Improper Certificate Validation

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report:When verifying a certificate chain which contains a certificate containing multiple email address constraints whic...

8.7CVSS5.8AI score0.00606EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-16875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow...

7.8CVSS6.7AI score0.06325EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/26 1:56 p.m.3 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2020/04/29 12:0 a.m.5 views

The vulnerability of the Go programming language’s crypto/x509 package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s crypto/x509 package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.8CVSS6.7AI score0.06325EPSS
Exploits0References10Affected Software2
Gentoo Linux
Gentoo Linux
added 2018/12/21 12:0 a.m.95 views

Go: Multiple vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...

8.1CVSS8.4AI score0.66252EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/12/20 12:0 a.m.38 views

openSUSE: Security Advisory for go1.11 (openSUSE-SU-2018:4181-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS8AI score0.66252EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/12/19 12:9 p.m.113 views

Security update for go1.11 (important)

This new package for go1.11 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...

1.4AI score0.66252EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/12/17 12:0 a.m.48 views

Amazon Linux AMI : golang (ALAS-2018-1130)

In Go before 1.10.6 and 1.11.x before 1.11.3, the 'go get' command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

8.1CVSS8AI score0.66252EPSS
Exploits0References4
Rows per page
Query Builder