CVE-2018-16875

Severity: Medium
Remote: Yes
Type: Denial of service
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-835 | go, go-pie | 2:1.11.2-2 | 2:1.11.3-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Dec 2018 | ASA-201812-12 | AVG-835 | go-pie | High | multiple issues |
| 18 Dec 2018 | ASA-201812-11 | AVG-835 | go | High | multiple issues |