Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-17596 (GCVE-0-2019-17596)
Vulnerability from cvelistv5 – Published: 2019-10-24 21:07 – Updated: 2024-08-05 01:47
VLAI
EPSS
Summary
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/golang/go/issues/34960"
},
{
"name": "DSA-4551",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"name": "FEDORA-2019-4593120208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"name": "FEDORA-2019-34e097c66c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"name": "openSUSE-SU-2019:2522",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"name": "openSUSE-SU-2019:2521",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"name": "RHSA-2020:0101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"name": "RHSA-2020:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:16:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/golang/go/issues/34960"
},
{
"name": "DSA-4551",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"name": "FEDORA-2019-4593120208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"name": "FEDORA-2019-34e097c66c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"name": "openSUSE-SU-2019:2522",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"name": "openSUSE-SU-2019:2521",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"name": "RHSA-2020:0101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"name": "RHSA-2020:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"name": "https://github.com/golang/go/issues/34960",
"refsource": "CONFIRM",
"url": "https://github.com/golang/go/issues/34960"
},
{
"name": "DSA-4551",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"name": "FEDORA-2019-4593120208",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"name": "FEDORA-2019-34e097c66c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"name": "openSUSE-SU-2019:2522",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"name": "openSUSE-SU-2019:2521",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191122-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"name": "RHSA-2020:0101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"name": "RHSA-2020:0329",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17596",
"datePublished": "2019-10-24T21:07:25.000Z",
"dateReserved": "2019-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:13.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-17596",
"date": "2026-05-25",
"epss": "0.0234",
"percentile": "0.85073"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.12\", \"versionEndExcluding\": \"1.12.11\", \"matchCriteriaId\": \"F1987156-2D29-4F5D-ADCC-0F9DA2C7C0CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.13\", \"versionEndExcluding\": \"1.13.2\", \"matchCriteriaId\": \"00E95CD5-A75B-468A-8C6E-A257FD40E87F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60937D60-6B78-400F-8D30-7FCF328659A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58A2A898-C4C2-4670-8A0D-274F7CE6E460\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2018.1.0\", \"versionEndIncluding\": \"2018.2.3\", \"matchCriteriaId\": \"C86267F6-8B75-4D24-B6A1-A05B44FF5ABC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arista:cloudvision_portal:2019.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECBAF284-5D95-4228-A210-485EE632A4FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arista:cloudvision_portal:2019.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE05159E-0554-4AF6-9F9A-B7C27DA4FA5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arista:cloudvision_portal:2019.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ECA029B-7816-4982-BEE4-4EBC62941911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.2\", \"matchCriteriaId\": \"20C9F936-ED24-4E9A-A21F-2CD872CC7814\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.23.1f\", \"matchCriteriaId\": \"3485E6A6-7077-48B2-ADF3-7F0095E9FD20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.25\", \"matchCriteriaId\": \"C1D6E445-8665-4BEC-88DE-5D7B217ABA0C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.\"}, {\"lang\": \"es\", \"value\": \"Go versiones anteriores a 1.12.11 y versiones 1.3.x anteriores a 1.13.2, puede entrar en p\\u00e1nico tras intentar procesar el tr\\u00e1fico de red que contiene una clave p\\u00fablica DSA no v\\u00e1lida. Existen varios escenarios de ataque, tal y como el tr\\u00e1fico de un cliente hacia un servidor que comprueba los certificados del cliente.\"}]",
"id": "CVE-2019-17596",
"lastModified": "2024-11-21T04:32:36.500",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-10-24T22:15:10.407",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0101\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0329\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/golang/go/issues/34960\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191122-0005/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4551\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0329\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/golang/go/issues/34960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191122-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-436\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-17596\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-24T22:15:10.407\",\"lastModified\":\"2024-11-21T04:32:36.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.12.11 y versiones 1.3.x anteriores a 1.13.2, puede entrar en p\u00e1nico tras intentar procesar el tr\u00e1fico de red que contiene una clave p\u00fablica DSA no v\u00e1lida. Existen varios escenarios de ataque, tal y como el tr\u00e1fico de un cliente hacia un servidor que comprueba los certificados del cliente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-436\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12\",\"versionEndExcluding\":\"1.12.11\",\"matchCriteriaId\":\"F1987156-2D29-4F5D-ADCC-0F9DA2C7C0CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13\",\"versionEndExcluding\":\"1.13.2\",\"matchCriteriaId\":\"00E95CD5-A75B-468A-8C6E-A257FD40E87F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60937D60-6B78-400F-8D30-7FCF328659A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58A2A898-C4C2-4670-8A0D-274F7CE6E460\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2018.1.0\",\"versionEndIncluding\":\"2018.2.3\",\"matchCriteriaId\":\"C86267F6-8B75-4D24-B6A1-A05B44FF5ABC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:cloudvision_portal:2019.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBAF284-5D95-4228-A210-485EE632A4FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:cloudvision_portal:2019.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE05159E-0554-4AF6-9F9A-B7C27DA4FA5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:cloudvision_portal:2019.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ECA029B-7816-4982-BEE4-4EBC62941911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.2\",\"matchCriteriaId\":\"20C9F936-ED24-4E9A-A21F-2CD872CC7814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.23.1f\",\"matchCriteriaId\":\"3485E6A6-7077-48B2-ADF3-7F0095E9FD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.25\",\"matchCriteriaId\":\"C1D6E445-8665-4BEC-88DE-5D7B217ABA0C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0101\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0329\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/34960\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20191122-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4551\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/34960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20191122-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
BDU:2019-04711
Vulnerability from fstec - Published: 24.10.2019
VLAI
Title
Уязвимость функции dsa.Verify() открытых ключей DSA в языке программирования golang, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции dsa.Verify() открытых ключей DSA в языке программирования golang связана с ошибкой недопустимого DSA открытого ключа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Сообщество свободного программного обеспечения, Novell Inc., The Go Project, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, OpenSUSE Leap, Go, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), от 1.12 до 1.12.11 (Go), от 1.13 до 1.13.2 (Go), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Golang:
Обновление программного обеспечения до 1.11.6-1+deb10u3 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета golang) до 1.11.6-1+deb10u3 или более поздней версии
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2019-17596/
Для ОСОН ОСнова Оnyx:Обновление программного обеспечения golang-1.15 до версии 1.15.9-3.osnova5
Для ОС ОН «Стрелец»:
Обновление программного обеспечения golang-1.15 до версии 1.15.9-3.osnova6.strelets
Обновление программного обеспечения golang-1.11 до версии 1.11.6-1+deb10u4.osnova6strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-17596
https://security-tracker.debian.org/tracker/CVE-2019-17596
https://github.com/golang/go/issues/34960
https://www.suse.com/security/cve/CVE-2019-17596/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-436
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., The Go Project, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u043e\u0442 1.12 \u0434\u043e 1.12.11 (Go), \u043e\u0442 1.13 \u0434\u043e 1.13.2 (Go), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Golang:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.11.6-1+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 golang) \u0434\u043e 1.11.6-1+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-17596/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.15 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.15.9-3.osnova5\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.15 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.15.9-3.osnova6.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.11.6-1+deb10u4.osnova6strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.10.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04711",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-17596",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenSUSE Leap, Go, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dsa.Verify() \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u043a\u043b\u044e\u0447\u0435\u0439 DSA \u0432 \u044f\u0437\u044b\u043a\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f golang, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043d\u0444\u043b\u0438\u043a\u0442 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u0439 (CWE-436)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dsa.Verify() \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u043a\u043b\u044e\u0447\u0435\u0439 DSA \u0432 \u044f\u0437\u044b\u043a\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f golang \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043d\u0435\u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e DSA \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0410\u043d\u0430\u043b\u0438\u0437 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u044a\u0435\u043a\u0442\u0430",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-17596\nhttps://security-tracker.debian.org/tracker/CVE-2019-17596\nhttps://github.com/golang/go/issues/34960\nhttps://www.suse.com/security/cve/CVE-2019-17596/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-436",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2019-38255
Vulnerability from cnvd - Published: 2019-10-30
VLAI
Title
Google Go信任管理问题漏洞
Description
Google Go是美国谷歌(Google)公司的一款静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。
Google Go中存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。
Severity
中
Patch Name
Google Go信任管理问题漏洞的补丁
Patch Description
Google Go是美国谷歌(Google)公司的一款静态强类型、编译型、并发型,并具有垃圾回收功能的编程语言。
Google Go中存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/golang/go/issues/34960
Reference
https://access.redhat.com/security/cve/cve-2019-17596
Impacted products
| Name | ['Google GO <1.12.11', 'Google GO 1.3.*,<1.13.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-17596"
}
},
"description": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\n\nGoogle Go\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/golang/go/issues/34960",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-38255",
"openTime": "2019-10-30",
"patchDescription": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGoogle Go\u4e2d\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u9ed8\u8ba4\u5bc6\u7801\u6216\u8005\u786c\u7f16\u7801\u5bc6\u7801\u3001\u786c\u7f16\u7801\u8bc1\u4e66\u7b49\u653b\u51fb\u53d7\u5f71\u54cd\u7ec4\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Go\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Google GO \u003c1.12.11",
"Google GO 1.3.*\uff0c\u003c1.13.2"
]
},
"referenceLink": "https://access.redhat.com/security/cve/cve-2019-17596",
"serverity": "\u4e2d",
"submitTime": "2019-10-23",
"title": "Google Go\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e"
}
FKIE_CVE-2019-17596
Vulnerability from fkie_nvd - Published: 2019-10-24 22:15 - Updated: 2024-11-21 04:32
Severity
Summary
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| golang | go | * | |
| golang | go | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| redhat | developer_tools | 1.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_server | 8.1 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| arista | cloudvision_portal | * | |
| arista | cloudvision_portal | 2019.1.0 | |
| arista | cloudvision_portal | 2019.1.1 | |
| arista | cloudvision_portal | 2019.1.2 | |
| arista | terminattr | * | |
| arista | eos | * | |
| arista | mos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1987156-2D29-4F5D-ADCC-0F9DA2C7C0CF",
"versionEndExcluding": "1.12.11",
"versionStartIncluding": "1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00E95CD5-A75B-468A-8C6E-A257FD40E87F",
"versionEndExcluding": "1.13.2",
"versionStartIncluding": "1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58A2A898-C4C2-4670-8A0D-274F7CE6E460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86267F6-8B75-4D24-B6A1-A05B44FF5ABC",
"versionEndIncluding": "2018.2.3",
"versionStartIncluding": "2018.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista:cloudvision_portal:2019.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBAF284-5D95-4228-A210-485EE632A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista:cloudvision_portal:2019.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE05159E-0554-4AF6-9F9A-B7C27DA4FA5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista:cloudvision_portal:2019.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2ECA029B-7816-4982-BEE4-4EBC62941911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9F936-ED24-4E9A-A21F-2CD872CC7814",
"versionEndIncluding": "1.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3485E6A6-7077-48B2-ADF3-7F0095E9FD20",
"versionEndIncluding": "4.23.1f",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D6E445-8665-4BEC-88DE-5D7B217ABA0C",
"versionEndIncluding": "0.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates."
},
{
"lang": "es",
"value": "Go versiones anteriores a 1.12.11 y versiones 1.3.x anteriores a 1.13.2, puede entrar en p\u00e1nico tras intentar procesar el tr\u00e1fico de red que contiene una clave p\u00fablica DSA no v\u00e1lida. Existen varios escenarios de ataque, tal y como el tr\u00e1fico de un cliente hacia un servidor que comprueba los certificados del cliente."
}
],
"id": "CVE-2019-17596",
"lastModified": "2024-11-21T04:32:36.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-24T22:15:10.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/34960"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/34960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-GCR4-WCQH-3624
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59
VLAI
Details
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
{
"affected": [],
"aliases": [
"CVE-2019-17596"
],
"database_specific": {
"cwe_ids": [
"CWE-436"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-24T22:15:00Z",
"severity": "MODERATE"
},
"details": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"id": "GHSA-gcr4-wcqh-3624",
"modified": "2022-05-24T16:59:54Z",
"published": "2022-05-24T16:59:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17596"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/34960"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20191122-0005"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2019-17596
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-17596",
"description": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"id": "GSD-2019-17596",
"references": [
"https://www.suse.com/security/cve/CVE-2019-17596.html",
"https://www.debian.org/security/2019/dsa-4551",
"https://access.redhat.com/errata/RHBA-2020:0390",
"https://access.redhat.com/errata/RHSA-2020:0329",
"https://access.redhat.com/errata/RHSA-2020:0101",
"https://advisories.mageia.org/CVE-2019-17596.html",
"https://security.archlinux.org/CVE-2019-17596",
"https://linux.oracle.com/cve/CVE-2019-17596.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-17596"
],
"details": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"id": "GSD-2019-17596",
"modified": "2023-12-13T01:23:44.579674Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"name": "https://github.com/golang/go/issues/34960",
"refsource": "CONFIRM",
"url": "https://github.com/golang/go/issues/34960"
},
{
"name": "DSA-4551",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"name": "FEDORA-2019-4593120208",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"name": "FEDORA-2019-34e097c66c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"name": "openSUSE-SU-2019:2522",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"name": "openSUSE-SU-2019:2521",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191122-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"name": "RHSA-2020:0101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"name": "RHSA-2020:0329",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.2",
"versionStartIncluding": "1.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.11",
"versionStartIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.2.3",
"versionStartIncluding": "2018.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:arista:cloudvision_portal:2019.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:arista:cloudvision_portal:2019.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:arista:cloudvision_portal:2019.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.23.1f",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.25",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17596"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/34960",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/golang/go/issues/34960"
},
{
"name": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ"
},
{
"name": "DSA-4551",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4551"
},
{
"name": "FEDORA-2019-4593120208",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/"
},
{
"name": "FEDORA-2019-34e097c66c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/"
},
{
"name": "openSUSE-SU-2019:2521",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
},
{
"name": "openSUSE-SU-2019:2522",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191122-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191122-0005/"
},
{
"name": "RHSA-2020:0101",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0101"
},
{
"name": "RHSA-2020:0329",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0329"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
},
{
"name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-11-30T19:42Z",
"publishedDate": "2019-10-24T22:15Z"
}
}
}
MSRC_CVE-2019-17596
Vulnerability from csaf_microsoft - Published: 2019-10-02 00:00 - Updated: 2026-02-19 01:35Summary
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17021-16817 | — | ||
| Unresolved product id: 17021-17084 | — | ||
| Unresolved product id: 19696-17084 | — |
Known affected
3 products
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-3 | — | ||
| Unresolved product id: 17084-4 | — | ||
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-17596 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-17596.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates.",
"tracking": {
"current_release_date": "2026-02-19T01:35:46.000Z",
"generator": {
"date": "2026-02-21T00:57:53.011Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-17596",
"initial_release_date": "2019-10-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-19T01:35:46.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-2",
"product": {
"name": "azl3 python-tensorboard 2.16.2-2",
"product_id": "17021"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-2",
"product": {
"name": "azl3 python-tensorboard 2.16.2-2",
"product_id": "17021"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.11.0-3",
"product": {
"name": "azl3 python-tensorboard 2.11.0-3",
"product_id": "19696"
}
}
],
"category": "product_name",
"name": "python-tensorboard"
},
{
"category": "product_name",
"name": "azl3 golang 1.23.9-1",
"product": {
"name": "azl3 golang 1.23.9-1",
"product_id": "3"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.23.7-1",
"product": {
"name": "azl3 golang 1.23.7-1",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "16817-5"
},
"product_reference": "5",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17021-16817"
},
"product_reference": "17021",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17021-17084"
},
"product_reference": "17021",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "19696-17084"
},
"product_reference": "19696",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17596",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-3",
"17084-4",
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17021-16817",
"17021-17084",
"19696-17084"
],
"known_affected": [
"16817-5",
"17084-6",
"17084-2"
],
"known_not_affected": [
"17084-3",
"17084-4",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-17596 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-17596.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "2.16.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16817-5",
"17084-6",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16817-5",
"17084-6",
"17084-2"
]
}
],
"title": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates."
}
]
}
OPENSUSE-SU-2019:2521-1
Vulnerability from csaf_opensuse - Published: 2019-11-17 19:22 - Updated: 2019-11-17 19:22Summary
Security update for go1.12
Severity
Moderate
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).
- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).
Non-security issue fixed:
- Go was updated to version 1.12.12 (bsc#1141689).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2521
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed:\n\n- Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2521",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2521-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2521-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2/#HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2521-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2/#HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1152082",
"url": "https://bugzilla.suse.com/1152082"
},
{
"category": "self",
"summary": "SUSE Bug 1154402",
"url": "https://bugzilla.suse.com/1154402"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16276 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17596 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17596/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-11-17T19:22:02Z",
"generator": {
"date": "2019-11-17T19:22:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2521-1",
"initial_release_date": "2019-11-17T19:22:02Z",
"revision_history": [
{
"date": "2019-11-17T19:22:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.12-lp150.11.1.x86_64",
"product": {
"name": "go1.12-1.12.12-lp150.11.1.x86_64",
"product_id": "go1.12-1.12.12-lp150.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
"product_id": "go1.12-doc-1.12.12-lp150.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.12-lp150.11.1.x86_64",
"product": {
"name": "go1.12-race-1.12.12-lp150.11.1.x86_64",
"product_id": "go1.12-race-1.12.12-lp150.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64"
},
"product_reference": "go1.12-1.12.12-lp150.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
},
"product_reference": "go1.12-race-1.12.12-lp150.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16276"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16276",
"url": "https://www.suse.com/security/cve/CVE-2019-16276"
},
{
"category": "external",
"summary": "SUSE Bug 1152082 for CVE-2019-16276",
"url": "https://bugzilla.suse.com/1152082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-17T19:22:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-16276"
},
{
"cve": "CVE-2019-17596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17596"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17596",
"url": "https://www.suse.com/security/cve/CVE-2019-17596"
},
{
"category": "external",
"summary": "SUSE Bug 1154402 for CVE-2019-17596",
"url": "https://bugzilla.suse.com/1154402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-17T19:22:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17596"
}
]
}
OPENSUSE-SU-2019:2522-1
Vulnerability from csaf_opensuse - Published: 2019-11-17 19:22 - Updated: 2019-11-17 19:22Summary
Security update for go1.12
Severity
Moderate
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).
- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).
Non-security issue fixed:
- Go was updated to version 1.12.12 (bsc#1141689).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2522
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed:\n\n- Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2522-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2522-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA/#KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2522-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA/#KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1152082",
"url": "https://bugzilla.suse.com/1152082"
},
{
"category": "self",
"summary": "SUSE Bug 1154402",
"url": "https://bugzilla.suse.com/1154402"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16276 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17596 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17596/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-11-17T19:22:11Z",
"generator": {
"date": "2019-11-17T19:22:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2522-1",
"initial_release_date": "2019-11-17T19:22:11Z",
"revision_history": [
{
"date": "2019-11-17T19:22:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.12-lp151.2.25.1.x86_64",
"product": {
"name": "go1.12-1.12.12-lp151.2.25.1.x86_64",
"product_id": "go1.12-1.12.12-lp151.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"product_id": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
"product": {
"name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
"product_id": "go1.12-race-1.12.12-lp151.2.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64"
},
"product_reference": "go1.12-1.12.12-lp151.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
},
"product_reference": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16276"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16276",
"url": "https://www.suse.com/security/cve/CVE-2019-16276"
},
{
"category": "external",
"summary": "SUSE Bug 1152082 for CVE-2019-16276",
"url": "https://bugzilla.suse.com/1152082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-17T19:22:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-16276"
},
{
"cve": "CVE-2019-17596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17596"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17596",
"url": "https://www.suse.com/security/cve/CVE-2019-17596"
},
{
"category": "external",
"summary": "SUSE Bug 1154402 for CVE-2019-17596",
"url": "https://bugzilla.suse.com/1154402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-17T19:22:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-17596"
}
]
}
OPENSUSE-SU-2024:10805-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.12-1.12.17-4.8 on GA media
Severity
Moderate
Notes
Title of the patch: go1.12-1.12.17-4.8 on GA media
Description of the patch: These are all security issues fixed in the go1.12-1.12.17-4.8 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10805
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
78 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.12-1.12.17-4.8 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.12-1.12.17-4.8 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10805",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10805-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7189 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8618 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3959 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15042 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6574 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11888 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16276 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17596 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "go1.12-1.12.17-4.8 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10805-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-1.12.17-4.8.aarch64",
"product_id": "go1.12-1.12.17-4.8.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-doc-1.12.17-4.8.aarch64",
"product_id": "go1.12-doc-1.12.17-4.8.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-race-1.12.17-4.8.aarch64",
"product_id": "go1.12-race-1.12.17-4.8.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-1.12.17-4.8.ppc64le",
"product_id": "go1.12-1.12.17-4.8.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-doc-1.12.17-4.8.ppc64le",
"product_id": "go1.12-doc-1.12.17-4.8.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-race-1.12.17-4.8.ppc64le",
"product_id": "go1.12-race-1.12.17-4.8.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-1.12.17-4.8.s390x",
"product_id": "go1.12-1.12.17-4.8.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-doc-1.12.17-4.8.s390x",
"product_id": "go1.12-doc-1.12.17-4.8.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-race-1.12.17-4.8.s390x",
"product_id": "go1.12-race-1.12.17-4.8.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-1.12.17-4.8.x86_64",
"product_id": "go1.12-1.12.17-4.8.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-doc-1.12.17-4.8.x86_64",
"product_id": "go1.12-doc-1.12.17-4.8.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-race-1.12.17-4.8.x86_64",
"product_id": "go1.12-race-1.12.17-4.8.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-doc-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-doc-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-doc-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-doc-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-race-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-race-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-race-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-race-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7189"
}
],
"notes": [
{
"category": "general",
"text": "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7189",
"url": "https://www.suse.com/security/cve/CVE-2014-7189"
},
{
"category": "external",
"summary": "SUSE Bug 898901 for CVE-2014-7189",
"url": "https://bugzilla.suse.com/898901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7189"
},
{
"cve": "CVE-2015-8618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8618"
}
],
"notes": [
{
"category": "general",
"text": "The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8618",
"url": "https://www.suse.com/security/cve/CVE-2015-8618"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/957814"
},
{
"category": "external",
"summary": "SUSE Bug 960151 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/960151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-8618"
},
{
"cve": "CVE-2016-3959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3959"
}
],
"notes": [
{
"category": "general",
"text": "The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3959",
"url": "https://www.suse.com/security/cve/CVE-2016-3959"
},
{
"category": "external",
"summary": "SUSE Bug 974232 for CVE-2016-3959",
"url": "https://bugzilla.suse.com/974232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3959"
},
{
"cve": "CVE-2016-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5386"
}
],
"notes": [
{
"category": "general",
"text": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5386",
"url": "https://www.suse.com/security/cve/CVE-2016-5386"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2017-15041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15041"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository\u0027s Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15041",
"url": "https://www.suse.com/security/cve/CVE-2017-15041"
},
{
"category": "external",
"summary": "SUSE Bug 1062085 for CVE-2017-15041",
"url": "https://bugzilla.suse.com/1062085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-15041"
},
{
"cve": "CVE-2017-15042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15042"
}
],
"notes": [
{
"category": "general",
"text": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn\u0027t advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15042",
"url": "https://www.suse.com/security/cve/CVE-2017-15042"
},
{
"category": "external",
"summary": "SUSE Bug 1062087 for CVE-2017-15042",
"url": "https://bugzilla.suse.com/1062087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15042"
},
{
"cve": "CVE-2017-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8932"
}
],
"notes": [
{
"category": "general",
"text": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8932",
"url": "https://www.suse.com/security/cve/CVE-2017-8932"
},
{
"category": "external",
"summary": "SUSE Bug 1040618 for CVE-2017-8932",
"url": "https://bugzilla.suse.com/1040618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8932"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-6574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6574"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6574",
"url": "https://www.suse.com/security/cve/CVE-2018-6574"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-6574",
"url": "https://bugzilla.suse.com/1080006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6574"
},
{
"cve": "CVE-2019-11888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11888"
}
],
"notes": [
{
"category": "general",
"text": "Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11888",
"url": "https://www.suse.com/security/cve/CVE-2019-11888"
},
{
"category": "external",
"summary": "SUSE Bug 1146203 for CVE-2019-11888",
"url": "https://bugzilla.suse.com/1146203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11888"
},
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-16276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16276"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16276",
"url": "https://www.suse.com/security/cve/CVE-2019-16276"
},
{
"category": "external",
"summary": "SUSE Bug 1152082 for CVE-2019-16276",
"url": "https://bugzilla.suse.com/1152082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16276"
},
{
"cve": "CVE-2019-17596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17596"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17596",
"url": "https://www.suse.com/security/cve/CVE-2019-17596"
},
{
"category": "external",
"summary": "SUSE Bug 1154402 for CVE-2019-17596",
"url": "https://bugzilla.suse.com/1154402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17596"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-6486"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
OPENSUSE-SU-2024:10806-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.13-1.13.15-2.6 on GA media
Severity
Moderate
Notes
Title of the patch: go1.13-1.13.15-2.6 on GA media
Description of the patch: These are all security issues fixed in the go1.13-1.13.15-2.6 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10806
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.13-1.13.15-2.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.13-1.13.15-2.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10806",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10806-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16276 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17596 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14039 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15586 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16845 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16845/"
}
],
"title": "go1.13-1.13.15-2.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10806-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.13-1.13.15-2.6.aarch64",
"product": {
"name": "go1.13-1.13.15-2.6.aarch64",
"product_id": "go1.13-1.13.15-2.6.aarch64"
}
},
{
"category": "product_version",
"name": "go1.13-doc-1.13.15-2.6.aarch64",
"product": {
"name": "go1.13-doc-1.13.15-2.6.aarch64",
"product_id": "go1.13-doc-1.13.15-2.6.aarch64"
}
},
{
"category": "product_version",
"name": "go1.13-race-1.13.15-2.6.aarch64",
"product": {
"name": "go1.13-race-1.13.15-2.6.aarch64",
"product_id": "go1.13-race-1.13.15-2.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.13-1.13.15-2.6.ppc64le",
"product": {
"name": "go1.13-1.13.15-2.6.ppc64le",
"product_id": "go1.13-1.13.15-2.6.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.13-doc-1.13.15-2.6.ppc64le",
"product": {
"name": "go1.13-doc-1.13.15-2.6.ppc64le",
"product_id": "go1.13-doc-1.13.15-2.6.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.13-race-1.13.15-2.6.ppc64le",
"product": {
"name": "go1.13-race-1.13.15-2.6.ppc64le",
"product_id": "go1.13-race-1.13.15-2.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.13-1.13.15-2.6.s390x",
"product": {
"name": "go1.13-1.13.15-2.6.s390x",
"product_id": "go1.13-1.13.15-2.6.s390x"
}
},
{
"category": "product_version",
"name": "go1.13-doc-1.13.15-2.6.s390x",
"product": {
"name": "go1.13-doc-1.13.15-2.6.s390x",
"product_id": "go1.13-doc-1.13.15-2.6.s390x"
}
},
{
"category": "product_version",
"name": "go1.13-race-1.13.15-2.6.s390x",
"product": {
"name": "go1.13-race-1.13.15-2.6.s390x",
"product_id": "go1.13-race-1.13.15-2.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.13-1.13.15-2.6.x86_64",
"product": {
"name": "go1.13-1.13.15-2.6.x86_64",
"product_id": "go1.13-1.13.15-2.6.x86_64"
}
},
{
"category": "product_version",
"name": "go1.13-doc-1.13.15-2.6.x86_64",
"product": {
"name": "go1.13-doc-1.13.15-2.6.x86_64",
"product_id": "go1.13-doc-1.13.15-2.6.x86_64"
}
},
{
"category": "product_version",
"name": "go1.13-race-1.13.15-2.6.x86_64",
"product": {
"name": "go1.13-race-1.13.15-2.6.x86_64",
"product_id": "go1.13-race-1.13.15-2.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-1.13.15-2.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64"
},
"product_reference": "go1.13-1.13.15-2.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-1.13.15-2.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le"
},
"product_reference": "go1.13-1.13.15-2.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-1.13.15-2.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x"
},
"product_reference": "go1.13-1.13.15-2.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-1.13.15-2.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64"
},
"product_reference": "go1.13-1.13.15-2.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-doc-1.13.15-2.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64"
},
"product_reference": "go1.13-doc-1.13.15-2.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-doc-1.13.15-2.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le"
},
"product_reference": "go1.13-doc-1.13.15-2.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-doc-1.13.15-2.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x"
},
"product_reference": "go1.13-doc-1.13.15-2.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-doc-1.13.15-2.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64"
},
"product_reference": "go1.13-doc-1.13.15-2.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-race-1.13.15-2.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64"
},
"product_reference": "go1.13-race-1.13.15-2.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-race-1.13.15-2.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le"
},
"product_reference": "go1.13-race-1.13.15-2.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-race-1.13.15-2.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x"
},
"product_reference": "go1.13-race-1.13.15-2.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.13-race-1.13.15-2.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
},
"product_reference": "go1.13-race-1.13.15-2.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16276"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16276",
"url": "https://www.suse.com/security/cve/CVE-2019-16276"
},
{
"category": "external",
"summary": "SUSE Bug 1152082 for CVE-2019-16276",
"url": "https://bugzilla.suse.com/1152082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16276"
},
{
"cve": "CVE-2019-17596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17596"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17596",
"url": "https://www.suse.com/security/cve/CVE-2019-17596"
},
{
"category": "external",
"summary": "SUSE Bug 1154402 for CVE-2019-17596",
"url": "https://bugzilla.suse.com/1154402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17596"
},
{
"cve": "CVE-2020-14039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14039"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14039",
"url": "https://www.suse.com/security/cve/CVE-2020-14039"
},
{
"category": "external",
"summary": "SUSE Bug 1174191 for CVE-2020-14039",
"url": "https://bugzilla.suse.com/1174191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14039"
},
{
"cve": "CVE-2020-15586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15586"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15586",
"url": "https://www.suse.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "SUSE Bug 1174153 for CVE-2020-15586",
"url": "https://bugzilla.suse.com/1174153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-16845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16845"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16845",
"url": "https://www.suse.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "SUSE Bug 1174977 for CVE-2020-16845",
"url": "https://bugzilla.suse.com/1174977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-doc-1.13.15-2.6.x86_64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.aarch64",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.ppc64le",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.s390x",
"openSUSE Tumbleweed:go1.13-race-1.13.15-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-16845"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…