Back to search
CVE-2016-3959
Published: May 23, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20160405 Re: CVE request - Go - DLL loading, Big int
mailing-list
x_refsource_MLIST
https://go-review.googlesource.com/#/c/21533/
x_refsource_CONFIRM
RHSA-2016:1538
vendor-advisory
x_refsource_REDHAT
FEDORA-2016-2940ad5550
vendor-advisory
x_refsource_FEDORA
[golang-announce] 20160412 [security] Go 1.6.1 and 1.5.4 are released
mailing-list
x_refsource_MLIST
FEDORA-2016-59c5e405e3
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2016:1331
vendor-advisory
x_refsource_SUSE
[oss-security] 20160405 CVE request - Go - DLL loading, Big int
mailing-list
x_refsource_MLIST
FEDORA-2016-2fcfc7670f
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now