VYPR
Unrated severityNVD Advisory· Published Dec 14, 2018· Updated Aug 5, 2024

CVE-2018-16875

CVE-2018-16875

Description

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

70

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.