CVE-2016-3959 – stdlib

Package

Manager: go
Name: stdlib
Vulnerable Version: >=0 <1.5.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0247 pctl0.8468

Details

Denial of service due to unchecked parameters in crypto/dsa The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability.

Metadata

Created: 2022-05-24T22:06:33Z
Modified: 2024-05-20T16:03:47Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F002
Auto approve: 1