CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type

GIT

Repo

https://github.com/golang/go

Events

Introduced

05e77d41914d247a1e7caf37d7125ccaa5a53505

Fixed

ef74bfc859c918aeab796c2fa18f4a5dde862343

Introduced

cc8838d645b2b7026c1f3aaceb011775c5ca3a08

Fixed

72766093e6bd092eb18df3759055625ba8436484

Introduced

Last affected

edecc650ec95ac1a96d2312980e18d959f89835e

Database specific

{
    "versions": [
        {
            "introduced": "1.12"
        },
        {
            "fixed": "1.12.11"
        },
        {
            "introduced": "1.13"
        },
        {
            "fixed": "1.13.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17596.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2018.1.0"
            },
            {
                "last_affected": "2018.2.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2019.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2019.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2019.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.23.1f"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.25"
            }
        ]
    }
]