#VU69447 Reachable Assertion in crypto
Vulnerability identifier: #VU69447
Vulnerability risk: Medium
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-617
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
crypto
Universal components / Libraries /
Libraries used by multiple products
Vendor:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion during signature verification process. A remote attacker can supply a specially crafted certificate to the application (server or client) and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
http://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
http://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
http://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
