Jason Buberel

#37332 of 53,638
7.5 CVSS total
Vulnerabilities · 1
PT-2016-5779
7.5
2015-09-28
Google · Go · CVE-2016-3959
**Name of the Vulnerable Software and Affected Versions**

- Go versions prior to 1.5.4
- Go versions 1.6.x prior to 1.6.1

**Description**

The issue arises from the `Verify` function in `crypto/dsa/dsa.go` not properly checking parameters passed to the big integer library. This could allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

The vulnerability exposes programs using HTTPS client certificates or the Go SSH server libraries to remote denial of service attacks due to potentially extremely long-running computations.

**Recommendations**

- For Go versions prior to 1.5.4, update to version 1.5.4 or later.
- For Go versions 1.6.x prior to 1.6.1, update to version 1.6.1 or later.
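
The kind of parameter check the description says was missing can be sketched as a pre-validation step that runs before a peer-supplied key reaches `dsa.Verify`. This is an added example, not Go's own fix and not code from this advisory; `validateDSAPublicKey` and `safeVerify` are hypothetical helper names, and the sample key is constructed.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

// validateDSAPublicKey (hypothetical helper) rejects keys whose parameters are
// missing, non-positive or out of range before any big-integer arithmetic runs.
func validateDSAPublicKey(pub *dsa.PublicKey) error {
	if pub == nil {
		return errors.New("dsa: nil public key")
	}
	params := []struct {
		name string
		v    *big.Int
	}{{"P", pub.P}, {"Q", pub.Q}, {"G", pub.G}, {"Y", pub.Y}}
	for _, p := range params {
		if p.v == nil || p.v.Sign() <= 0 {
			return fmt.Errorf("dsa: parameter %s is missing or not positive", p.name)
		}
	}
	// Q is a subgroup order and G, Y are residues, so all must be below P.
	if pub.Q.Cmp(pub.P) >= 0 || pub.G.Cmp(pub.P) >= 0 || pub.Y.Cmp(pub.P) >= 0 {
		return errors.New("dsa: parameter not smaller than P")
	}
	return nil
}

// safeVerify (hypothetical wrapper) only calls dsa.Verify on a validated key.
func safeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) (bool, error) {
	if r == nil || s == nil {
		return false, errors.New("dsa: missing signature value")
	}
	if err := validateDSAPublicKey(pub); err != nil {
		return false, err
	}
	return dsa.Verify(pub, hash, r, s), nil
}

func main() {
	// Constructed sample: a key received from a peer with an unset modulus.
	bad := &dsa.PublicKey{Y: big.NewInt(8)}
	bad.Q, bad.G = big.NewInt(11), big.NewInt(2)
	_, err := safeVerify(bad, []byte("digest"), big.NewInt(1), big.NewInt(1))
	fmt.Println("rejected:", err)
}
```

A check like this is defense in depth for code that parses keys from untrusted peers; it does not replace updating to a fixed Go release as recommended above.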