Skip to content

Commit

Permalink
CVE-2018-16875
Browse files Browse the repository at this point in the history 
From golang/go#29233

Package crypto/x509 parses and validates X.509-encoded keys and certificates. It's supposed to handle certificate chains provided by an attacker with reasonable resource use.

The crypto/x509 package does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients verifying certificates are affected.

Go 1.11.3 and 1.10.6 have been released with this fixed.
  • Loading branch information
@zouyee
zouyee authored Dec 14, 2018
1 parent 5ff6fb1 commit d7bb1b4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion WORKSPACE
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_too
go_rules_dependencies()

go_register_toolchains(
go_version = "1.10.2",
go_version = "1.11.3",
)

git_repository(
Expand Down

0 comments on commit d7bb1b4

Please sign in to comment.