vulnerability
Amazon Linux AMI: CVE-2019-17596: Security patch for golang (ALAS-2024-1938)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Oct 24, 2019 | May 14, 2024 | May 14, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Oct 24, 2019
Added
May 14, 2024
Modified
May 14, 2024
Description
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Solution
amazon-linux-upgrade-golang
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.