CVE-2016-3959
Denial of service due to unchecked parameters in crypto/dsa
EPSS 2.5%
Description
The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability.
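The mechanism behind this bug is that big.Int.Exp with a zero modulus computes x**y with no reduction at all, so a public key whose P is zero turns the verification's modular exponentiation into an effectively unbounded computation. The following Go block is an added example, not the Go standard library's code: a caller-side guard that validates the key and signature before calling dsa.Verify. ValidateDSAParams, SafeVerify, and the small sample group are constructed names and values for illustration.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

// ErrBadParams is returned when a key or signature fails pre-validation.
var ErrBadParams = errors.New("dsa: rejected key or signature parameters")

// ValidateDSAParams is a constructed caller-side guard for CVE-2016-3959.
// big.Int.Exp with modulus 0 computes x**y with no modulus, so a public key
// whose P is zero makes verification effectively unbounded; reject it first.
func ValidateDSAParams(pub *dsa.PublicKey, r, s *big.Int) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil || r == nil || s == nil {
		return ErrBadParams
	}
	// Modulus and group order must be positive, with Q < P.
	if pub.P.Sign() <= 0 || pub.Q.Sign() <= 0 || pub.Q.Cmp(pub.P) >= 0 {
		return ErrBadParams
	}
	// FIPS 186-3 section 4.7: r and s must both lie in [1, Q-1].
	if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 || s.Sign() < 1 || s.Cmp(pub.Q) >= 0 {
		return ErrBadParams
	}
	// Generator and public value must lie in [1, P-1].
	if pub.G.Sign() < 1 || pub.G.Cmp(pub.P) >= 0 || pub.Y.Sign() < 1 || pub.Y.Cmp(pub.P) >= 0 {
		return ErrBadParams
	}
	return nil
}

// SafeVerify hands the inputs to dsa.Verify only once they pass validation.
func SafeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) (bool, error) {
	if err := ValidateDSAParams(pub, r, s); err != nil {
		return false, err
	}
	return dsa.Verify(pub, hash, r, s), nil
}

func main() {
	// Constructed hostile key: P == 0 is the case that triggers the long-running path.
	hostile := &dsa.PublicKey{
		Parameters: dsa.Parameters{P: big.NewInt(0), Q: big.NewInt(11), G: big.NewInt(4)},
		Y:          big.NewInt(2),
	}
	_, err := SafeVerify(hostile, []byte("constructed-digest"), big.NewInt(3), big.NewInt(5))
	fmt.Println("hostile key rejected:", err != nil)
}
```

Upgrading to a fixed release is the actual remediation; a guard like this only matters for code that must keep calling dsa.Verify with untrusted keys on an unpatched toolchain.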
How to fix CVE-2016-3959
To remediate CVE-2016-3959, upgrade the affected package to a fixed version below.
- Go/stdlib: upgrade to 1.5.4 or later (on the 1.6 branch, 1.6.1 or later)
Is CVE-2016-3959 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Go/stdlib: >= 0, < 1.5.4; and >= 1.6.0-0, < 1.6.1