vulnerability

Red Hat: CVE-2019-17596: CVE-2019-17596 golang: invalid public key causes panic in dsa.Verify (Multiple Advisories)

Name: Red Hat: CVE-2019-17596: CVE-2019-17596 golang: invalid public key causes panic in dsa.Verify (Multiple Advisories)
Creator: Red Hat
Published: 2019-10-24T00:00:00.000Z
Keywords: CVE, CWE-436, Red Hat, 2019, 17596, 17596 golang, redhat-upgrade-go-toolset, redhat-upgrade-golang, redhat-upgrade-golang-bin, redhat-upgrade-golang-docs, redhat-upgrade-golang-misc, redhat-upgrade-golang-race, redhat-upgrade-golang-src, redhat-upgrade-golang-tests, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Oct 24, 2019

Added

Feb 5, 2020

Modified

Mar 27, 2026

Description

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Solutions

redhat-upgrade-go-toolsetredhat-upgrade-golangredhat-upgrade-golang-binredhat-upgrade-golang-docsredhat-upgrade-golang-miscredhat-upgrade-golang-raceredhat-upgrade-golang-srcredhat-upgrade-golang-tests

References

CWE-436
EUVD-EUVD-2019-7924
NVD-CVE-2019-17596
REDHAT-RHSA-2020:0329
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-7924

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report