crypto/dsa in github.com/golang/go is vulnerable to denial of service (DoS) attacks. These attacks are possible due to a flaw in the Verify
function in crypto/dsa/dsa.go
. It doesn’t properly check parameters passed to the big integer library. This flaw can be exploited through a a public key given to a program that uses HTTPS client certificates or SSH server libraries.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/golang/go | eq | HEAD | |
github.com/golang/go | le | 1.5.3 | |
github.com/golang/go | le | 1.6 | |
golang | eq | 1.4.2__9.el7 |