Qmuntal

**Name of the Vulnerable Software and Affected Versions** go-ntlmssp versions prior to 0.1.1 **Description** A malicious NTLM challenge message can cause a slice out of bounds panic, leading to a crash of any Go process utilizing `ntlmssp.Negotiator` as an HTTP transport. **Recommendations** Update to version 0.1.1.

**Name of the Vulnerable Software and Affected Versions** Golang (affected versions not specified) **Description** A memory leak flaw was found in Golang's RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in the `rsa.go` file and affects objects `pkey` and `ctx`. This issue can be exploited by an attacker using crafted public RSA keys to cause a denial of service attack by gradually eroding available memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.