crypto: check parameters to avoid potential remote denial-of-service attack #15184

bradfitz · 2016-04-08T00:26:59Z

Go's crypto libraries passed certain parameters unchecked to math/big.Int.Exp (https://golang.org/pkg/math/big/#Int.Exp), possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates (a non-zero tls.Config.ClientAuth value of https://golang.org/pkg/crypto/tls/#ClientAuthType) or the Go SSH server libraries are both exposed to this vulnerability.

This is CVE-2016-3959 and was addressed by https://golang.org/cl/21533 for crypto/dsa (the reported problem) and https://golang.org/cl/21560 (similar change to crypto/rsa and crypto/ecdsa, despite no known path to make those go into the slow path).

Thanks to David Wong for identifying this issue.

The text was updated successfully, but these errors were encountered:

bradfitz added this to the Go1.6.1 milestone Apr 8, 2016

golang locked and limited conversation to collaborators Apr 8, 2016

adg self-assigned this Apr 8, 2016

minux added the Security label Apr 13, 2016

ianlancetaylor changed the title ~~security: Go 1.6.1 placeholder bug~~ crypto: check parameters to avoid potential remote denial-of-service attack Apr 13, 2016

bradfitz closed this as completed May 9, 2016

rsc unassigned adg Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto: check parameters to avoid potential remote denial-of-service attack #15184

crypto: check parameters to avoid potential remote denial-of-service attack #15184

bradfitz commented Apr 8, 2016

crypto: check parameters to avoid potential remote denial-of-service attack #15184

crypto: check parameters to avoid potential remote denial-of-service attack #15184

Comments

bradfitz commented Apr 8, 2016