github.com/golang/go is vulnerable to Denial of Service (DoS). The vulnerability exists because handshake_client.go does not set a maximum RSA key size, so a certificate chain containing extremely large RSA keys can cause a client to expend significant CPU time verifying signatures. The fix sets the maximum RSA key size to 8192 bits.
github.com/advisories/GHSA-xc82-5m89-g4jv
github.com/golang/go/commit/2300f7ef07718f6be4d8aa8486c7de99836e233f
github.com/golang/go/commit/659f2a22076713bd2500adc82e026b6a746d8ba1
github.com/golang/go/commit/a51957fb0b20bb6c91d0415efca222cc9ecdb770
github.com/golang/go/issues/61460
go-review.googlesource.com/c/go/+/515257
go.dev/cl/515257
go.dev/issue/61460
groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ
pkg.go.dev/vuln/GO-2023-1987
security.gentoo.org/glsa/202311-09
security.netapp.com/advisory/ntap-20230831-0010/
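
The size check the advisory describes, applied to a parsed certificate chain, as an added example (not code from the Go project or its fix). `checkRSAKeySizes`, `limitRSAKeys` and `fakeCert` are hypothetical names, and the sample certificates are constructed stubs that carry only a public key.

```go
package main

import (
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
)

const maxRSAKeyBits = 8192 // the limit stated in the advisory

// checkRSAKeySizes rejects a chain containing an RSA key above maxBits; other key types pass.
func checkRSAKeySizes(chain []*x509.Certificate, maxBits int) error {
	for i, cert := range chain {
		pub, ok := cert.PublicKey.(*rsa.PublicKey)
		if !ok || pub.N == nil {
			continue
		}
		if n := pub.N.BitLen(); n > maxBits {
			return fmt.Errorf("certificate %d: %d-bit RSA key exceeds limit of %d bits", i, n, maxBits)
		}
	}
	return nil
}

// limitRSAKeys (hypothetical helper) adapts the check to tls.Config.VerifyPeerCertificate.
func limitRSAKeys(maxBits int) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		chain := make([]*x509.Certificate, 0, len(rawCerts))
		for _, der := range rawCerts {
			cert, err := x509.ParseCertificate(der)
			if err != nil {
				return err
			}
			chain = append(chain, cert)
		}
		return checkRSAKeySizes(chain, maxBits)
	}
}

// fakeCert builds a constructed stand-in certificate whose RSA modulus is exactly `bits` long.
func fakeCert(bits int) *x509.Certificate {
	return &x509.Certificate{PublicKey: &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), uint(bits-1)), E: 65537}}
}

func main() {
	_ = &tls.Config{VerifyPeerCertificate: limitRSAKeys(maxRSAKeyBits)} // pass to tls.Dial or an http.Transport
	fmt.Println(checkRSAKeySizes([]*x509.Certificate{fakeCert(2048), fakeCert(16384)}, maxRSAKeyBits))
}
```

Go calls `VerifyPeerCertificate` after its normal certificate verification, so this callback enforces a limit in application code and does not replace upgrading to a fixed Go release.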