Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Go | Golang | 1.13 | * |
Go | Golang | 1.12 | * |