TROYANOSYVIRUS
Volver a CVEs

CVE-2019-17596

HIGH
7.5

Descripcion

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Detalles CVE

Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/24/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

arista:cloudvision_portalarista:eosarista:mosarista:terminattrdebian:debian_linuxfedoraproject:fedoragolang:goopensuse:leapredhat:developer_toolsredhat:enterprise_linuxredhat:enterprise_linux_server

Debilidades (CWE)

CWE-436

Referencias

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0101(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0329(cve@mitre.org)
https://github.com/golang/go/issues/34960(cve@mitre.org)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20191122-0005/(cve@mitre.org)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4551(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0101(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0329(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/golang/go/issues/34960(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20191122-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4551(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.