icon

We found results for “

CVE-2018-16875

Good to know:

icon

Date: December 14, 2018

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Language: RUST

Severity Score

Severity Score

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Input Validation

CWE-20

Top Fix

icon

Upgrade Version

Upgrade to version golang 1.10.6,golang 1.11.3, webpki - 0.22.2, rustls-webpki - 0.100.2,0.101.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us