PT-2016-5779 · Google+3 · Go+3

Jason Buberel · Published 2015-09-28 · Updated 2024-06-15 · CVE-2016-3959

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Go versions prior to 1.5.4
Go versions 1.6.x prior to 1.6.1

Description
The issue arises from the Verify function in crypto/dsa/dsa.go not properly checking parameters passed to the big integer library. This could allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. The vulnerability exposes programs using HTTPS client certificates or the Go SSH server libraries to remote denial of service attacks due to potentially extremely long-running computations.

Recommendations
For Go versions prior to 1.5.4, update to version 1.5.4 or later.
For Go versions 1.6.x prior to 1.6.1, update to version 1.6.1 or later.
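
As defence in depth alongside the upgrade, the following added example (not code from the Go project or from this advisory) checks a DSA public key's sizes and ranges before handing it to dsa.Verify, so malformed values never reach the big-integer arithmetic. The names ValidateDSAPublicKey and CheckedVerify and the accepted size list are assumptions made for the example.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

// allowedSizes: the (L, N) bit-length pairs defined for DSA in FIPS 186-3.
var allowedSizes = map[[2]int]bool{
	{1024, 160}: true, {2048, 224}: true, {2048, 256}: true, {3072, 256}: true,
}

// ValidateDSAPublicKey performs size and range checks only (no primality
// test) so that structurally invalid keys are rejected before verification.
func ValidateDSAPublicKey(pub *dsa.PublicKey) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return errors.New("dsa: missing key component")
	}
	if pub.P.Sign() <= 0 || pub.Q.Sign() <= 0 {
		return errors.New("dsa: P and Q must be positive")
	}
	if !allowedSizes[[2]int{pub.P.BitLen(), pub.Q.BitLen()}] {
		return errors.New("dsa: unsupported parameter sizes")
	}
	if pub.G.Cmp(big.NewInt(1)) <= 0 || pub.G.Cmp(pub.P) >= 0 {
		return errors.New("dsa: G out of range")
	}
	if pub.Y.Sign() <= 0 || pub.Y.Cmp(pub.P) >= 0 {
		return errors.New("dsa: Y out of range")
	}
	return nil
}

// CheckedVerify validates the key first and only then calls dsa.Verify.
func CheckedVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) bool {
	if r == nil || s == nil || ValidateDSAPublicKey(pub) != nil {
		return false
	}
	return dsa.Verify(pub, hash, r, s)
}

func main() {
	// Constructed sample: toy-sized parameters, rejected by the size check.
	small := &dsa.PublicKey{Y: big.NewInt(3)}
	small.P, small.Q, small.G = big.NewInt(23), big.NewInt(11), big.NewInt(2)
	fmt.Println(ValidateDSAPublicKey(small), CheckedVerify(small, []byte("h"), big.NewInt(1), big.NewInt(1)))
}
```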

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2015-1812
ALT-PU-2016-1849
AZL-79052
CESA-2016_1538
CVE-2016-3959
GO-2022-0166
MGASA-2016-0207
OPENSUSE-SU-2024:10028-1
OPENSUSE-SU-2024:10803-1
OPENSUSE-SU-2024:10804-1
OPENSUSE-SU-2024:10805-1
OPENSUSE-SU-2024:10812-1
RHSA-2016:1538
RHSA-2016_1538

Affected products

Alt Linux
CentOS
Go
Red Hat