Vulnerability-Lookup

CVE-2019-16276 (GCVE-0-2019-16276)

Vulnerability from cvelistv5 – Published: 2019-09-30 18:40 – Updated: 2024-08-05 01:10

Summary

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

13 references

URL	Tags
https://github.com/golang/go/issues/34540	x_refsource_CONFIRM
https://groups.google.com/forum/#%21msg/golang-an…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.netapp.com/advisory/ntap-2019112…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2020:0101	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0329	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0652	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Date Public ?

2019-09-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/34540"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
          },
          {
            "name": "FEDORA-2019-1b8cbd39ff",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
          },
          {
            "name": "FEDORA-2019-416d20f960",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
          },
          {
            "name": "FEDORA-2019-e99c1603c3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
          },
          {
            "name": "openSUSE-SU-2019:2522",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2019:2521",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
          },
          {
            "name": "RHSA-2020:0101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0101"
          },
          {
            "name": "RHSA-2020:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0329"
          },
          {
            "name": "RHSA-2020:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0652"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-09-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-13T20:06:30.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/golang/go/issues/34540"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
        },
        {
          "name": "FEDORA-2019-1b8cbd39ff",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
        },
        {
          "name": "FEDORA-2019-416d20f960",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
        },
        {
          "name": "FEDORA-2019-e99c1603c3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
        },
        {
          "name": "openSUSE-SU-2019:2522",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
        },
        {
          "name": "openSUSE-SU-2019:2521",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
        },
        {
          "name": "RHSA-2020:0101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0101"
        },
        {
          "name": "RHSA-2020:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0329"
        },
        {
          "name": "RHSA-2020:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0652"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/golang/go/issues/34540",
              "refsource": "CONFIRM",
              "url": "https://github.com/golang/go/issues/34540"
            },
            {
              "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
            },
            {
              "name": "FEDORA-2019-1b8cbd39ff",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
            },
            {
              "name": "FEDORA-2019-416d20f960",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
            },
            {
              "name": "FEDORA-2019-e99c1603c3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
            },
            {
              "name": "openSUSE-SU-2019:2522",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2019:2521",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191122-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
            },
            {
              "name": "RHSA-2020:0101",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0101"
            },
            {
              "name": "RHSA-2020:0329",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0329"
            },
            {
              "name": "RHSA-2020:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0652"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16276",
    "datePublished": "2019-09-30T18:40:12.000Z",
    "dateReserved": "2019-09-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:10:41.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-16276",
      "date": "2026-05-20",
      "epss": "0.09843",
      "percentile": "0.93072"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.12.10\", \"matchCriteriaId\": \"780FC85E-2CAD-4605-8DA2-CE16EB2034A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.13\", \"versionEndExcluding\": \"1.13.1\", \"matchCriteriaId\": \"3FDA5CF5-27C2-4DA5-852D-1A69271DB7EE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C85A84D-A70F-4B02-9E5D-CD9660ABF048\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60937D60-6B78-400F-8D30-7FCF328659A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DAE7369-EEC5-405E-9D13-858335FDA647\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.\"}, {\"lang\": \"es\", \"value\": \"Go versiones anteriores a 1.12.10 y versiones 1.13.x anteriores a 1.13.1, permitir el Trafico No Autorizado de Peticiones HTTP.\"}]",
      "id": "CVE-2019-16276",
      "lastModified": "2024-11-21T04:30:26.170",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-09-30T19:15:08.790",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0101\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0329\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0652\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/golang/go/issues/34540\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191122-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0329\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/golang/go/issues/34540\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191122-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-16276\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-30T19:15:08.790\",\"lastModified\":\"2024-11-21T04:30:26.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.12.10 y versiones 1.13.x anteriores a 1.13.1, permitir el Trafico No Autorizado de Peticiones HTTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12.10\",\"matchCriteriaId\":\"780FC85E-2CAD-4605-8DA2-CE16EB2034A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13\",\"versionEndExcluding\":\"1.13.1\",\"matchCriteriaId\":\"3FDA5CF5-27C2-4DA5-852D-1A69271DB7EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C85A84D-A70F-4B02-9E5D-CD9660ABF048\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60937D60-6B78-400F-8D30-7FCF328659A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAE7369-EEC5-405E-9D13-858335FDA647\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0101\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0329\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0652\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/34540\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20191122-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/34540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20191122-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2025-AVI-0360

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Sensor Proxy	Sensor Proxy version antérieures à 1.2.0
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.11

References

Title

Publication Time

CERTFR-2025-AVI-0360

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Sensor Proxy	Sensor Proxy version antérieures à 1.2.0
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.11

References

Title

Publication Time

BDU:2019-04670

Vulnerability from fstec - Published: 30.09.2019

Title

Уязвимость программного пакета Go, связанная с непоследовательной интерпретацией http-запросов, позволяющая нарушителю оказать воздействие на целостность данных

Description

Уязвимость программного пакета Go связана с непоследовательной интерпретацией http-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на целостность данных

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vendor

Сообщество свободного программного обеспечения, Novell Inc., Fedora Project, Red Hat Inc., The Go Project, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Fedora, Red Hat Enterprise Linux, OpenSUSE Leap, Go, OpenShift, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 29 (Fedora), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), до 1.12.10 (Go), от 1.13 до 1.13.1 (Go), 4.2 (OpenShift), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для golang: Обновление программного обеспечения до 1.11.6-1+deb10u3 или более поздней версии Для Debian: Обновление программного обеспечения (пакета golang) до 1.11.6-1+deb10u3 или более поздней версии Для программных продуктов Novell Inc.: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html https://www.suse.com/security/cve/CVE-2019-16276/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/ Для программных продуктов Red Hat Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=1755969 Для ОСОН ОСнова Оnyx:Обновление программного обеспечения golang-1.15 до версии 1.15.9-3.osnova5 Для ОС ОН «Стрелец»: Обновление программного обеспечения golang-1.15 до версии 1.15.9-3.osnova6.strelets Обновление программного обеспечения golang-1.11 до версии 1.11.6-1+deb10u4.osnova6strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-16276 https://security-tracker.debian.org/tracker/CVE-2019-16276 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html https://www.suse.com/security/cve/CVE-2019-16276/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/ https://bugzilla.redhat.com/show_bug.cgi?id=1755969 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-444

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Fedora Project, Red Hat Inc., The Go Project, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 29 (Fedora), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), \u0434\u043e 1.12.10 (Go), \u043e\u0442 1.13 \u0434\u043e 1.13.1 (Go), 4.2 (OpenShift), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f golang:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.11.6-1+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 golang) \u0434\u043e 1.11.6-1+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\nhttps://www.suse.com/security/cve/CVE-2019-16276/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1755969\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.15 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.15.9-3.osnova5\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.15 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.15.9-3.osnova6.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-1.11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.11.6-1+deb10u4.osnova6strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04670",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-16276",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Fedora, Red Hat Enterprise Linux, OpenSUSE Leap, Go, OpenShift, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Fedora Project Fedora 29 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 Go, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u0435\u0439 http-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 Go \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u0435\u0439 http-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-16276\nhttps://security-tracker.debian.org/tracker/CVE-2019-16276\nhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html\nhttps://www.suse.com/security/cve/CVE-2019-16276/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1755969\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2019-35773

Vulnerability from cnvd - Published: 2019-10-17

Title

Google Go环境问题漏洞

Description

Google Go是美国谷歌（Google）公司的一款静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go 1.12.10之前版本和1.13.1之前的1.13.x版本中存在环境问题漏洞，攻击者可利用该漏洞绕过过滤器或实施请求走私攻击。

Severity

中

Patch Name

Google Go环境问题漏洞的补丁

Patch Description

Google Go是美国谷歌（Google）公司的一款静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go 1.12.10之前版本和1.13.1之前的1.13.x版本中存在环境问题漏洞，攻击者可利用该漏洞绕过过滤器或实施请求走私攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/golang/go/issues/34540

Reference

https://www.debian.org/security/2019/dsa-4534 https://www.auscert.org.au/bulletins/ESB-2019.3658/ https://access.redhat.com/security/cve/cve-2019-16276

Impacted products

Name
['Google GO <1.12.10', 'Google GO 1.13.*，<1.13.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16276"
    }
  },
  "description": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\n\nGoogle Go 1.12.10\u4e4b\u524d\u7248\u672c\u548c1.13.1\u4e4b\u524d\u76841.13.x\u7248\u672c\u4e2d\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8fc7\u6ee4\u5668\u6216\u5b9e\u65bd\u8bf7\u6c42\u8d70\u79c1\u653b\u51fb\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/golang/go/issues/34540",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-35773",
  "openTime": "2019-10-17",
  "patchDescription": "Google Go\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9759\u6001\u5f3a\u7c7b\u578b\u3001\u7f16\u8bd1\u578b\u3001\u5e76\u53d1\u578b\uff0c\u5e76\u5177\u6709\u5783\u573e\u56de\u6536\u529f\u80fd\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nGoogle Go 1.12.10\u4e4b\u524d\u7248\u672c\u548c1.13.1\u4e4b\u524d\u76841.13.x\u7248\u672c\u4e2d\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8fc7\u6ee4\u5668\u6216\u5b9e\u65bd\u8bf7\u6c42\u8d70\u79c1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Go\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google GO \u003c1.12.10",
      "Google GO 1.13.*\uff0c\u003c1.13.1"
    ]
  },
  "referenceLink": "https://www.debian.org/security/2019/dsa-4534\r\nhttps://www.auscert.org.au/bulletins/ESB-2019.3658/\r\nhttps://access.redhat.com/security/cve/cve-2019-16276",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-30",
  "title": "Google Go\u73af\u5883\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2019-16276

Vulnerability from fkie_nvd - Published: 2019-09-30 19:15 - Updated: 2024-11-21 04:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html	Mailing List, Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0101	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0329	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2020:0652	Third Party Advisory
cve@mitre.org	https://github.com/golang/go/issues/34540	Patch, Third Party Advisory
cve@mitre.org	https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20191122-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0101	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0329	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0652	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/golang/go/issues/34540	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20191122-0004/	Third Party Advisory

Impacted products

Vendor	Product	Version
golang	go	*
golang	go	*
debian	debian_linux	9.0
opensuse	leap	15.0
opensuse	leap	15.1
fedoraproject	fedora	29
fedoraproject	fedora	30
fedoraproject	fedora	31
redhat	openshift_container_platform	4.2
redhat	enterprise_linux	7.0
redhat	developer_tools	1.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux_eus	8.1
netapp	cloud_insights_telegraf_agent	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "780FC85E-2CAD-4605-8DA2-CE16EB2034A5",
              "versionEndExcluding": "1.12.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDA5CF5-27C2-4DA5-852D-1A69271DB7EE",
              "versionEndExcluding": "1.13.1",
              "versionStartIncluding": "1.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C85A84D-A70F-4B02-9E5D-CD9660ABF048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
    },
    {
      "lang": "es",
      "value": "Go versiones anteriores a 1.12.10 y versiones 1.13.x anteriores a 1.13.1, permitir el Trafico No Autorizado de Peticiones HTTP."
    }
  ],
  "id": "CVE-2019-16276",
  "lastModified": "2024-11-21T04:30:26.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-30T19:15:08.790",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0329"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0652"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/golang/go/issues/34540"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/golang/go/issues/34540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XV7J-JR8Q-MHMM

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57

Details

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-16276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-30T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
  "id": "GHSA-xv7j-jr8q-mhmm",
  "modified": "2022-05-24T16:57:06Z",
  "published": "2022-05-24T16:57:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16276"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/issues/34540"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0101"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0329"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0652"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191122-0004"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-16276

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Aliases

CVE-2019-16276

Aliases

CVE-2019-16276

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-16276",
    "description": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
    "id": "GSD-2019-16276",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-16276.html",
      "https://www.debian.org/security/2019/dsa-4534",
      "https://access.redhat.com/errata/RHSA-2020:0652",
      "https://access.redhat.com/errata/RHSA-2020:0329",
      "https://access.redhat.com/errata/RHSA-2020:0101",
      "https://access.redhat.com/errata/RHBA-2020:0062",
      "https://access.redhat.com/errata/RHBA-2019:3304",
      "https://access.redhat.com/errata/RHBA-2019:3303",
      "https://security.archlinux.org/CVE-2019-16276",
      "https://alas.aws.amazon.com/cve/html/CVE-2019-16276.html",
      "https://linux.oracle.com/cve/CVE-2019-16276.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-16276"
      ],
      "details": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
      "id": "GSD-2019-16276",
      "modified": "2023-12-13T01:23:40.558927Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-16276",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/golang/go/issues/34540",
            "refsource": "CONFIRM",
            "url": "https://github.com/golang/go/issues/34540"
          },
          {
            "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ",
            "refsource": "MISC",
            "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
          },
          {
            "name": "FEDORA-2019-1b8cbd39ff",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
          },
          {
            "name": "FEDORA-2019-416d20f960",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
          },
          {
            "name": "FEDORA-2019-e99c1603c3",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
          },
          {
            "name": "openSUSE-SU-2019:2522",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
          },
          {
            "name": "openSUSE-SU-2019:2521",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20191122-0004/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
          },
          {
            "name": "RHSA-2020:0101",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0101"
          },
          {
            "name": "RHSA-2020:0329",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0329"
          },
          {
            "name": "RHSA-2020:0652",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0652"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.1",
                "versionStartIncluding": "1.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.12.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16276"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
            },
            {
              "name": "https://github.com/golang/go/issues/34540",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/golang/go/issues/34540"
            },
            {
              "name": "FEDORA-2019-1b8cbd39ff",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
            },
            {
              "name": "FEDORA-2019-416d20f960",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
            },
            {
              "name": "FEDORA-2019-e99c1603c3",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
            },
            {
              "name": "openSUSE-SU-2019:2521",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
            },
            {
              "name": "openSUSE-SU-2019:2522",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191122-0004/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
            },
            {
              "name": "RHSA-2020:0101",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0101"
            },
            {
              "name": "RHSA-2020:0329",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0329"
            },
            {
              "name": "RHSA-2020:0652",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0652"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-03-22T13:19Z",
      "publishedDate": "2019-09-30T19:15Z"
    }
  }
}

MSRC_CVE-2019-16276

Vulnerability from csaf_microsoft - Published: 2019-09-02 00:00 - Updated: 2026-02-18 02:17

Summary

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2019-16276

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 17021-16817		—
Unresolved product id: 17021-17084		—
Unresolved product id: 19696-17084		—

Known affected 3 products

Product	Version	Remediation
Unresolved product id: 16817-2	—	Vendor Fix fix
Unresolved product id: 17084-3	—	Vendor Fix fix
Unresolved product id: 17084-1	—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2019/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2019/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2019-16276 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-16276.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
    "tracking": {
      "current_release_date": "2026-02-18T02:17:46.000Z",
      "generator": {
        "date": "2026-02-18T09:49:59.693Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2019-16276",
      "initial_release_date": "2019-09-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-11T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-02-18T02:17:46.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "16817"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 python-tensorboard 2.16.2-2",
                "product": {
                  "name": "\u003cazl3 python-tensorboard 2.16.2-2",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 python-tensorboard 2.16.2-2",
                "product": {
                  "name": "azl3 python-tensorboard 2.16.2-2",
                  "product_id": "17021"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 python-tensorboard 2.16.2-2",
                "product": {
                  "name": "\u003cazl3 python-tensorboard 2.16.2-2",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 python-tensorboard 2.16.2-2",
                "product": {
                  "name": "azl3 python-tensorboard 2.16.2-2",
                  "product_id": "17021"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 python-tensorboard 2.11.0-3",
                "product": {
                  "name": "\u003cazl3 python-tensorboard 2.11.0-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 python-tensorboard 2.11.0-3",
                "product": {
                  "name": "azl3 python-tensorboard 2.11.0-3",
                  "product_id": "19696"
                }
              }
            ],
            "category": "product_name",
            "name": "python-tensorboard"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
          "product_id": "16817-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16817"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
          "product_id": "17021-16817"
        },
        "product_reference": "17021",
        "relates_to_product_reference": "16817"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
          "product_id": "17021-17084"
        },
        "product_reference": "17021",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
          "product_id": "19696-17084"
        },
        "product_reference": "19696",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-16276",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17021-16817",
          "17021-17084",
          "19696-17084"
        ],
        "known_affected": [
          "16817-2",
          "17084-3",
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2019-16276 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-16276.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "2.16.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16817-2",
            "17084-3",
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "16817-2",
            "17084-3",
            "17084-1"
          ]
        }
      ],
      "title": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
    }
  ]
}

OPENSUSE-SU-2019:2521-1

Vulnerability from csaf_opensuse - Published: 2019-11-17 19:22 - Updated: 2019-11-17 19:22

Summary

Security update for go1.12

Severity

Moderate

Notes

Title of the patch: Security update for go1.12

Description of the patch: This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed: - Go was updated to version 1.12.12 (bsc#1141689). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-2521

CVE-2019-16276

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-17596

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

13 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1141689	self
https://bugzilla.suse.com/1152082	self
https://bugzilla.suse.com/1154402	self
https://www.suse.com/security/cve/CVE-2019-16276/	self
https://www.suse.com/security/cve/CVE-2019-17596/	self
https://www.suse.com/security/cve/CVE-2019-16276	external
https://bugzilla.suse.com/1152082	external
https://www.suse.com/security/cve/CVE-2019-17596	external
https://bugzilla.suse.com/1154402	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for go1.12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed:\n\n- Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-2521",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2521-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:2521-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2/#HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:2521-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2/#HUPUAVRZNZNRO55OYBYHREZH7KIAIZQ2"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1141689",
        "url": "https://bugzilla.suse.com/1141689"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1152082",
        "url": "https://bugzilla.suse.com/1152082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154402",
        "url": "https://bugzilla.suse.com/1154402"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16276 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16276/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17596 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17596/"
      }
    ],
    "title": "Security update for go1.12",
    "tracking": {
      "current_release_date": "2019-11-17T19:22:02Z",
      "generator": {
        "date": "2019-11-17T19:22:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:2521-1",
      "initial_release_date": "2019-11-17T19:22:02Z",
      "revision_history": [
        {
          "date": "2019-11-17T19:22:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.12-1.12.12-lp150.11.1.x86_64",
                "product": {
                  "name": "go1.12-1.12.12-lp150.11.1.x86_64",
                  "product_id": "go1.12-1.12.12-lp150.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
                "product": {
                  "name": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
                  "product_id": "go1.12-doc-1.12.12-lp150.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.12-race-1.12.12-lp150.11.1.x86_64",
                "product": {
                  "name": "go1.12-race-1.12.12-lp150.11.1.x86_64",
                  "product_id": "go1.12-race-1.12.12-lp150.11.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64"
        },
        "product_reference": "go1.12-1.12.12-lp150.11.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-doc-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64"
        },
        "product_reference": "go1.12-doc-1.12.12-lp150.11.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-race-1.12.12-lp150.11.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
        },
        "product_reference": "go1.12-race-1.12.12-lp150.11.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-16276",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16276"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
          "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
          "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16276",
          "url": "https://www.suse.com/security/cve/CVE-2019-16276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152082 for CVE-2019-16276",
          "url": "https://bugzilla.suse.com/1152082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-11-17T19:22:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-16276"
    },
    {
      "cve": "CVE-2019-17596",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17596"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
          "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
          "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17596",
          "url": "https://www.suse.com/security/cve/CVE-2019-17596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154402 for CVE-2019-17596",
          "url": "https://bugzilla.suse.com/1154402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:go1.12-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-doc-1.12.12-lp150.11.1.x86_64",
            "openSUSE Leap 15.0:go1.12-race-1.12.12-lp150.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-11-17T19:22:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17596"
    }
  ]
}

OPENSUSE-SU-2019:2522-1

Vulnerability from csaf_opensuse - Published: 2019-11-17 19:22 - Updated: 2019-11-17 19:22

Summary

Security update for go1.12

Severity

Moderate

Notes

Title of the patch: Security update for go1.12

Patchnames: openSUSE-2019-2522

CVE-2019-16276

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-17596

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

13 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1141689	self
https://bugzilla.suse.com/1152082	self
https://bugzilla.suse.com/1154402	self
https://www.suse.com/security/cve/CVE-2019-16276/	self
https://www.suse.com/security/cve/CVE-2019-17596/	self
https://www.suse.com/security/cve/CVE-2019-16276	external
https://bugzilla.suse.com/1152082	external
https://www.suse.com/security/cve/CVE-2019-17596	external
https://bugzilla.suse.com/1154402	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for go1.12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).\n- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).\n\nNon-security issue fixed:\n\n- Go was updated to version 1.12.12 (bsc#1141689).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-2522",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2522-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:2522-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA/#KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:2522-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA/#KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1141689",
        "url": "https://bugzilla.suse.com/1141689"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1152082",
        "url": "https://bugzilla.suse.com/1152082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154402",
        "url": "https://bugzilla.suse.com/1154402"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16276 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16276/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17596 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17596/"
      }
    ],
    "title": "Security update for go1.12",
    "tracking": {
      "current_release_date": "2019-11-17T19:22:11Z",
      "generator": {
        "date": "2019-11-17T19:22:11Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:2522-1",
      "initial_release_date": "2019-11-17T19:22:11Z",
      "revision_history": [
        {
          "date": "2019-11-17T19:22:11Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.12-1.12.12-lp151.2.25.1.x86_64",
                "product": {
                  "name": "go1.12-1.12.12-lp151.2.25.1.x86_64",
                  "product_id": "go1.12-1.12.12-lp151.2.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
                "product": {
                  "name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
                  "product_id": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
                "product": {
                  "name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
                  "product_id": "go1.12-race-1.12.12-lp151.2.25.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64"
        },
        "product_reference": "go1.12-1.12.12-lp151.2.25.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64"
        },
        "product_reference": "go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.12-race-1.12.12-lp151.2.25.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
        },
        "product_reference": "go1.12-race-1.12.12-lp151.2.25.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-16276",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16276"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
          "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
          "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16276",
          "url": "https://www.suse.com/security/cve/CVE-2019-16276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152082 for CVE-2019-16276",
          "url": "https://bugzilla.suse.com/1152082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-11-17T19:22:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-16276"
    },
    {
      "cve": "CVE-2019-17596",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17596"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
          "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
          "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17596",
          "url": "https://www.suse.com/security/cve/CVE-2019-17596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154402 for CVE-2019-17596",
          "url": "https://bugzilla.suse.com/1154402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1.x86_64",
            "openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-11-17T19:22:11Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17596"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-16276 (GCVE-0-2019-16276)

Solutions

Solutions

Tags

Sightings

Nomenclature