{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:38:30.268","vulnerabilities":[{"cve":{"id":"CVE-2018-16875","sourceIdentifier":"secalert@redhat.com","published":"2018-12-14T14:29:00.523","lastModified":"2024-11-21T03:53:30.297","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."},{"lang":"es","value":"El paquete crypto/x509 de Go, en versiones anteriores a la 1.10.6 y versiones 1.11.x anteriores a la 1.11.3,no limita la cantidad de trabajo realizado para cada verificación de cadenas, lo que podría permitir que los atacantes manipulen entradas patológicas que conducen a la denegación de servicio (DoS) de la CPU. Los servidores TLS de Go que aceptan certificados de clientes y clientes TLS se han visto afectados."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.6","matchCriteriaId":"49A979C3-1002-477D-9874-FD5E0D1681D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.11.0","versionEndExcluding":"1.11.3","matchCriteriaId":"7F67C474-BD21-4A3E-9F35-3D36BB6F09F4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","matchCriteriaId":"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/106230","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0","source":"secalert@redhat.com"},{"url":"https://security.gentoo.org/glsa/201812-09","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/106230","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201812-09","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}