FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- remote denial of service

Affected packages
go < 1.6.1,1

Details

VuXML ID f2217cdf-01e4-11e6-b1ce-002590263bf5
Discovery 2016-04-05
Entry 2016-04-14

Jason Buberel reports:

Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.

[source]

References

CVE Name CVE-2016-3959
URL http://www.openwall.com/lists/oss-security/2016/04/05/2
URL https://golang.org/cl/21533

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.