ALT-PU-2019-2090-1
Closed vulnerabilities
Published: 2020-01-28
BDU:2021-01915
Уязвимость библиотек crypto/x509 и golang.org/x/crypto/cryptobyte языка программирования GO, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-03-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470
- https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470
- https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA
- https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA
- FEDORA-2020-12bc5b5597
- FEDORA-2020-12bc5b5597
- https://security.netapp.com/advisory/ntap-20200327-0001/
- https://security.netapp.com/advisory/ntap-20200327-0001/
- DSA-4848
- DSA-4848
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html