rpm package
opensuse/go1.19-openssl&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/go1.19-openssl&distro=openSUSE%20Leap%2015.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29409 | — | < 1.19.13.1-150000.1.8.1 | 1.19.13.1-150000.1.8.1 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr | ||
| CVE-2023-29406 | — | < 1.19.13.1-150000.1.8.1 | 1.19.13.1-150000.1.8.1 | Jul 11, 2023 | The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. |
- CVE-2023-29409Aug 2, 2023affected < 1.19.13.1-150000.1.8.1fixed 1.19.13.1-150000.1.8.1
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
- CVE-2023-29406Jul 11, 2023affected < 1.19.13.1-150000.1.8.1fixed 1.19.13.1-150000.1.8.1
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.