CVE-2019-17596

Exploit

EPSS 2.34%
Published 24.10.2019 22:15:10
Last modified 21.11.2024 04:32:36
Source cve@mitre.org
Teams watchlist Login
Open Login

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Affected products Warnungen 0 Metrics 3 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Golang ≫ Go Version >= 1.12 < 1.12.11

Golang ≫ Go Version >= 1.13 < 1.13.2

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Redhat ≫ Developer Tools Version1.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Server Version8.1

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Arista ≫ Cloudvision Portal Version >= 2018.1.0 <= 2018.2.3

Arista ≫ Cloudvision Portal Version2019.1.0

Arista ≫ Cloudvision Portal Version2019.1.1

Arista ≫ Cloudvision Portal Version2019.1.2

Arista ≫ Terminattr Version <= 1.7.2

Arista ≫ Eos Version <= 4.23.1f

Arista ≫ Mos Version <= 0.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.34%	0.842

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-436 Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2020:0101

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0329

Third Party Advisory

https://github.com/golang/go/issues/34960

Patch

Third Party Advisory

Exploit

Issue Tracking

https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ

Third Party Advisory

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/

https://security.netapp.com/advisory/ntap-20191122-0005/

Third Party Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46

Third Party Advisory

https://www.debian.org/security/2019/dsa-4551

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-17596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-17596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-17596

EUVD