High severity7.5NVD Advisory· Published May 23, 2016· Updated Jun 17, 2026
CVE-2016-3959
CVE-2016-3959
Description
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- osv-coords5 versionspkg:rpm/opensuse/go1.10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.12&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go&distro=openSUSE%20Tumbleweed
< 1.10.8-8.2+ 4 more
- (no CPE)range: < 1.10.8-8.2
- (no CPE)range: < 1.11.13-10.5
- (no CPE)range: < 1.12.17-4.8
- (no CPE)range: < 1.9.7-11.2
- (no CPE)range: < 1.7.0-2.1
Patches
Vulnerability mechanics
References
9- lists.fedoraproject.org/pipermail/package-announce/2016-April/182526.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183106.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183137.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00077.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1538.htmlnvd
- www.openwall.com/lists/oss-security/2016/04/05/1nvd
- www.openwall.com/lists/oss-security/2016/04/05/2nvd
- go-review.googlesource.comnvd
- groups.google.com/forum/nvd
News mentions
0No linked articles in our index yet.