Daniel Mandragona

Rank: #33354 of 53,635
Total CVSS: 7.8
Vulnerabilities: 1

PT-2019-4131 · CVSS 7.8 · 2019-10-24
Go · Go · CVE-2019-17596
**Name of the Vulnerable Software and Affected Versions**

Go versions prior to 1.12.11
Go versions 1.3.x prior to 1.13.2

**Description**

The issue stems from an error in the DSA public key verification function (`dsa.Verify()`), which can panic when processing network traffic that contains an invalid DSA public key. An attacker can exploit this to cause a denial of service. There are several attack scenarios, including traffic from a client to a server that verifies client certificates. The vulnerability can also be triggered by calling `crypto/x509.Verify` on a crafted X.509 certificate chain, or by invoking `crypto/x509.(*CertificateRequest).CheckSignature` on a crafted X.509 certificate request.

**Recommendations**

- For Go versions prior to 1.12.11, update to version 1.12.11 or later to resolve the issue.
- For Go versions 1.3.x prior to 1.13.2, update to version 1.13.2 or later to resolve the issue.
- As a temporary workaround, consider disabling the `dsa.Verify()` function until a patch is available.
- Restrict access to the vulnerable `crypto/x509` module to minimize the risk of exploitation.
- Avoid calling `crypto/x509.Verify` on untrusted X.509 certificate chains until the issue is resolved.