Home > Vulnerability Database > CVE-2019-17596

Mend.io Vulnerability Database

CVE-2019-17596

Date: October 24, 2019

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Language: Go

Severity Score

7.5

Related Resources (25)

Url: https://go.googlesource.com/go/+/552987fdbf4c2bc9641016fd323c3ae5d3a0d9a3

Url: https://security-tracker.debian.org/tracker/CVE-2019-17596

Url: https://access.redhat.com/errata/RHSA-2020:0101

Url: https://groups.google.com/g/golang-announce/c/lVEm7llp0w0/m/VbafyRkgCgAJ

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/

Url: https://go.dev/cl/205441

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17596

Url: https://access.redhat.com/security/cve/CVE-2019-17596

Url: https://access.redhat.com/errata/RHSA-2020:0329

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-17596

Url: https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

Url: https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ

Url: https://security.alpinelinux.org/vuln/CVE-2019-17596

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/

Url: https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

Url: https://github.com/golang/go/issues/34960

Url: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html

Url: https://www.debian.org/security/2019/dsa-4551

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html

Url: https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46

Url: https://security.netapp.com/advisory/ntap-20191122-0005/

Url: https://go.dev/issue/34960

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/

Url: https://www.mend.io/vulnerability-database/CVE-2019-17596

Severity Score

7.5

Weakness Type (CWE)

Interpretation Conflict

CWE-436

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-17596

Date: October 24, 2019

Language: Go

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?