The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-12-14T14:00:00
Updated: 2024-08-05T10:32:54.282Z
Reserved: 2018-09-11T00:00:00
Link: CVE-2018-16875
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-14T14:29:00.523
Modified: 2023-11-07T02:53:57.207
Link: CVE-2018-16875
Redhat