Home > Vulnerability Database > CVE-2018-16875

Mend.io Vulnerability Database

CVE-2018-16875

Good to know:

Date: December 14, 2018

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Language: RUST

Severity Score

7.5

Related Resources (22)

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-16875

Url: https://access.redhat.com/security/cve/CVE-2018-16875

Url: https://go.dev/cl/154105

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875

Url: https://go.googlesource.com/go/+/770130659b6fb2acf271476579a3644e093dda7f

Url: https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html

Url: https://security.gentoo.org/glsa/201812-09

Url: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html

Url: https://rustsec.org/advisories/RUSTSEC-2023-0052.html

Url: http://www.securityfocus.com/bid/106230

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16875

Url: https://crates.io/crates/webpki

Url: https://groups.google.com/g/golang-announce/c/Kw31K8G7Fi0

Url: https://go.dev/issue/29233

Url: https://rustsec.org/advisories/RUSTSEC-2023-0053.html

Url: http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html

Url: https://crates.io/crates/rustls-webpki

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html

Url: https://www.mend.io/resources/blog/top-5-go-vulnerabilities

Url: https://www.mend.io/vulnerability-database/CVE-2018-16875

Severity Score

7.5

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version golang 1.10.6,golang 1.11.3, webpki - 0.22.2, rustls-webpki - 0.100.2,0.101.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-16875

Good to know:

Date: December 14, 2018

Language: RUST

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?