High severity7.5NVD Advisory· Published May 23, 2016· Updated May 6, 2026
CVE-2016-3959
CVE-2016-3959
Description
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
Affected products
6cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- lists.fedoraproject.org/pipermail/package-announce/2016-April/182526.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183106.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-April/183137.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00077.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1538.htmlnvd
- www.openwall.com/lists/oss-security/2016/04/05/1nvd
- www.openwall.com/lists/oss-security/2016/04/05/2nvd
- go-review.googlesource.comnvd
- groups.google.com/forum/nvd
News mentions
0No linked articles in our index yet.