Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.13.7-1ubuntu1", "binary_name": "golang-1.13" }, { "binary_version": "1.13.7-1ubuntu1", "binary_name": "golang-1.13-doc" }, { "binary_version": "1.13.7-1ubuntu1", "binary_name": "golang-1.13-go" }, { "binary_version": "1.13.7-1ubuntu1", "binary_name": "golang-1.13-go-dbgsym" }, { "binary_version": "1.13.7-1ubuntu1", "binary_name": "golang-1.13-src" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.14~rc1-1", "binary_name": "golang-1.14" }, { "binary_version": "1.14~rc1-1", "binary_name": "golang-1.14-doc" }, { "binary_version": "1.14~rc1-1", "binary_name": "golang-1.14-go" }, { "binary_version": "1.14~rc1-1", "binary_name": "golang-1.14-go-dbgsym" }, { "binary_version": "1.14~rc1-1", "binary_name": "golang-1.14-src" } ] }