Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: check parameters to avoid potential remote denial-of-service attack #15184

bradfitz opened this issue Apr 8, 2016 · 0 comments


Copy link

@bradfitz bradfitz commented Apr 8, 2016

Go's crypto libraries passed certain parameters unchecked to math/big.Int.Exp (, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates (a non-zero tls.Config.ClientAuth value of or the Go SSH server libraries are both exposed to this vulnerability.

This is CVE-2016-3959 and was addressed by for crypto/dsa (the reported problem) and (similar change to crypto/rsa and crypto/ecdsa, despite no known path to make those go into the slow path).

Thanks to David Wong for identifying this issue.

@bradfitz bradfitz added this to the Go1.6.1 milestone Apr 8, 2016
@golang golang locked and limited conversation to collaborators Apr 8, 2016
@adg adg self-assigned this Apr 8, 2016
@minux minux added the Security label Apr 13, 2016
@ianlancetaylor ianlancetaylor changed the title security: Go 1.6.1 placeholder bug crypto: check parameters to avoid potential remote denial-of-service attack Apr 13, 2016
@bradfitz bradfitz closed this May 9, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.