The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x
before 1.6.1 does not properly check parameters passed to the big integer
library, which might allow remote attackers to cause a denial of service
(infinite loop) via a crafted public key to a program that uses HTTPS
client certificates or SSH server libraries.

| Author | Note |
|---|---|
| mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
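
For programs that accept DSA public keys from untrusted peers, one defensive measure alongside upgrading and rebuilding is to range-check the key before it reaches `Verify`. The following is an added example, not code from the Go project or from this advisory; `validateDSAPublicKey` and `toyKey` are hypothetical names, the key is a constructed toy, and the checks are the usual DSA domain-parameter range checks rather than the upstream fix.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// validateDSAPublicKey (hypothetical helper) rejects keys whose parameters fall
// outside the ranges DSA requires. Size policy and primality tests are omitted.
func validateDSAPublicKey(pub *dsa.PublicKey) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return errors.New("dsa: missing parameter")
	}
	// Moduli must be odd and greater than 2; this excludes zero and negatives.
	for _, m := range []*big.Int{pub.P, pub.Q} {
		if m.Cmp(big.NewInt(2)) <= 0 || m.Bit(0) == 0 {
			return errors.New("dsa: modulus out of range")
		}
	}
	// Q must divide P-1, otherwise no subgroup of order Q exists modulo P.
	if new(big.Int).Mod(new(big.Int).Sub(pub.P, one), pub.Q).Sign() != 0 {
		return errors.New("dsa: Q does not divide P-1")
	}
	// G and Y must lie strictly between 1 and P and satisfy v^Q = 1 (mod P).
	for _, v := range []*big.Int{pub.G, pub.Y} {
		if v.Cmp(one) <= 0 || v.Cmp(pub.P) >= 0 {
			return errors.New("dsa: group element out of range")
		}
		if new(big.Int).Exp(v, pub.Q, pub.P).Cmp(one) != 0 {
			return errors.New("dsa: group element outside the Q subgroup")
		}
	}
	return nil
}

// toyKey returns a constructed, insecure sample key: p=23, q=11, g=4, y=4^3 mod 23.
func toyKey() *dsa.PublicKey {
	return &dsa.PublicKey{Parameters: dsa.Parameters{P: big.NewInt(23), Q: big.NewInt(11), G: big.NewInt(4)}, Y: big.NewInt(18)}
}

func main() {
	bad := toyKey()
	bad.P.SetInt64(0) // degenerate modulus
	fmt.Println(validateDSAPublicKey(toyKey()), validateDSAPublicKey(bad))
}
```

In a real deployment, also restrict `P` and `Q` to the bit lengths the application expects before running these checks, so that oversized inputs are rejected cheaply.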