Wind River Support Network

HomeDefectsLIN1018-3230
Fixed

LIN1018-3230 : Security Advisory - go - CVE-2018-16875

Created: Dec 19, 2018    Updated: Feb 12, 2019
Resolved Date: Dec 25, 2018
Found In Version: unknown
Fix Version: 10.18.44.3
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

https://nvd.nist.gov/vuln/detail/CVE-2018-16875

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube