CVE-2019-17596

ADVISORY - nist

Summary

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

EPSS Score⁠: 0.0234 (0.843)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-436⁠

Interpretation Conflict

ADVISORY - redhat

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.