CVE-2018-16875

2025-08-04 08:44:25 +00:00 · 2018-12-14 14:42:49 +10:00 · 2018-12-14 14:42:49 +10:00 · c26a5b3b19
commit c26a5b3b19
parent 721c855a74
1 changed files with 75 additions and 16 deletions
--- a/2018/16xxx/CVE-2018-16875.json
+++ b/2018/16xxx/CVE-2018-16875.json
@ -1,18 +1,77 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-16875",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2018-16875",
+        "ASSIGNER": "sfowler@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "golang",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.10.6"
+                                        },
+                                        {
+                                            "version_value": "1.11.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
+            },
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
 }