What is the severity of CVE-2018-16875?

CVE-2018-16875 is classified as a denial of service vulnerability due to its potential to allow attackers to craft inputs that consume excessive CPU resources.

How do I fix CVE-2018-16875?

To fix CVE-2018-16875, update your Go installation to version 1.10.6 or later if using 1.10.x, or to version 1.11.3 or later if using 1.11.x.

What versions of Go are affected by CVE-2018-16875?

CVE-2018-16875 affects Go versions prior to 1.10.6 and those from 1.11.0 to 1.11.2.

What kind of attack does CVE-2018-16875 enable?

CVE-2018-16875 enables a CPU denial of service attack through specially crafted inputs during chain verification.

What is the impact of exploiting CVE-2018-16875?

Exploiting CVE-2018-16875 could lead to significant CPU resource exhaustion on servers handling TLS connections.

Vulnerability/
CVE-2018-16875

high

7.8

CWE

295 20

14/12/2018

5/8/2024

CVE-2018-16875: Input Validation

First published: Fri Dec 14 2018(Updated: )

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Golang	<1.10.6
Golang	>=1.11.0<1.11.3
SUSE Linux	=42.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-16875?
CVE-2018-16875 is classified as a denial of service vulnerability due to its potential to allow attackers to craft inputs that consume excessive CPU resources.
How do I fix CVE-2018-16875?
To fix CVE-2018-16875, update your Go installation to version 1.10.6 or later if using 1.10.x, or to version 1.11.3 or later if using 1.11.x.
What versions of Go are affected by CVE-2018-16875?
CVE-2018-16875 affects Go versions prior to 1.10.6 and those from 1.11.0 to 1.11.2.
What kind of attack does CVE-2018-16875 enable?
CVE-2018-16875 enables a CPU denial of service attack through specially crafted inputs during chain verification.
What is the impact of exploiting CVE-2018-16875?
Exploiting CVE-2018-16875 could lead to significant CPU resource exhaustion on servers handling TLS connections.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/last-modified-date
agent/references
agent/event
agent/first-publish-date
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/golang
canonical/golang
version/golang/1.11.0
vendor/opensuse
canonical/suse linux
version/suse linux/42.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.