Merge branch 'CVE-2018-16875' of https://github.com/RedHatProductSecurity/cvelist

2025-06-08 14:08:13 +00:00 · 2018-12-14 08:31:16 -05:00 · 2018-12-14 08:31:16 -05:00 · b4795cedc7
commit b4795cedc7
parent 969acf376e c26a5b3b19
1 changed files with 75 additions and 16 deletions
--- a/2018/16xxx/CVE-2018-16875.json
+++ b/2018/16xxx/CVE-2018-16875.json
@ -1,18 +1,77 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-16875",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
-   "description" : {
-      "description_data" : [
+    "CVE_data_meta": {
+        "ID": "CVE-2018-16875",
+        "ASSIGNER": "sfowler@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
                {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "golang",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.10.6"
+                                        },
+                                        {
+                                            "version_value": "1.11.3"
                                        }
                                    ]
                                }
                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
+            },
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
+}