The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-12-14T14:00:00
Updated: 2019-07-14T11:06:00
Reserved: 2018-09-11T00:00:00
Link: CVE-2018-16875
JSON object: View
NVD Information
Status : Modified
Published: 2018-12-14T14:29:00.523
Modified: 2023-11-07T02:53:57.207
Link: CVE-2018-16875
JSON object: View
Redhat Information
No data.