Back to bug 2228743
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-08-03 07:11:45 UTC | CC | asm, dbenoit, emachado, sipoyare, tstellar | |
| Avinash Hanwate | 2023-08-03 07:16:06 UTC | CC | abishop, ansmith, aveerama, bbaude, bbuckingham, bcl, bcourt, bodavis, chazlett, davidn, dcadzow, debarshir, desktop-qa-list, dkenigsb, dperaza, dsimansk, dwalsh, eglynn, ehelms, ellin, epacific, fdeutsch, jaharrin, jburrell, jcammara, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jneedle, jnovy, jobarker, joelsmith, jschluet, jsherril, lball, lhh, lsm5, lzap, mabashia, matzew, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mmagr, mnewsome, myarboro, nathans, nmoumoul, nobody, opohorel, orabin, oramraz, osapryki, osbuilders, pcpbot, pcreech, pehunt, pgrist, pjindal, pthomas, rchan, rgarg, rhcos-sst, rhuss, saroy, scorneli, scox, sgott, shbose, simaishi, skontopo, smcdonal, smullick, teagle, tsweeney, ubhargav, vkareh, yguenane, zsadeh | |
| Avinash Hanwate | 2023-08-03 07:16:56 UTC | CC | aazores, aileenc, amasferr, amctagga, aoconnor, apjagtap, asatyam, bdettelb, bniver, cdaley, diagrawa, dymurray, eaguilar, ebaron, eric.wittmann, flucifre, gmeno, gparvin, ibolton, janstey, jcantril, jkang, jkoehler, jmatthew, jmontleo, jpallich, kaycoth, lmadsen, mbenjamin, mhackett, mkudlej, mrunge, mwringe, nboldt, njean, ocs-bugs, owatkins, pahickey, pantinor, peholase, periklis, rhos-maint, rjohnson, sfroberg, slucidi, sostapov, spandura, sseago, stcannon, tjochec, vereddy, whayutin | |
| Avinash Hanwate | 2023-08-03 07:17:43 UTC | CC | jwendell, rcernich, twalsh | |
| Red Hat Bugzilla | 2023-08-03 08:29:29 UTC | CC | ocs-bugs | |
| Avinash Hanwate | 2023-08-03 11:26:16 UTC | Depends On | 2228835, 2228843, 2228838, 2228842, 2228844, 2228839, 2228834, 2228836, 2228829, 2228837, 2228830, 2228833, 2228840, 2228831, 2228832 | |
| Victor Kareh | 2023-08-03 13:04:15 UTC | CC | adudiak, dfreiber, kshier, rogbas, tfister, vkumar | |
| Victor Kareh | 2023-08-03 13:04:15 UTC | CC | vkareh | |
| Joel Smith | 2023-08-03 19:06:35 UTC | CC | joelsmith | |
| Avinash Hanwate | 2023-08-04 05:51:30 UTC | Depends On | 2229063, 2229061, 2229062 | |
| Avinash Hanwate | 2023-08-04 05:55:24 UTC | Depends On | 2229065, 2229085, 2229089, 2229077, 2229094, 2229080, 2229086, 2229091, 2229084, 2229093, 2229066, 2229076, 2229069, 2229075, 2229092, 2229064, 2229083, 2229088, 2229068, 2229078, 2229081, 2229073, 2229079, 2229072, 2229082, 2229067, 2229071, 2229074, 2229090, 2229070, 2229087 | |
| Nick Tait | 2023-08-04 16:44:57 UTC | Summary | TRIAGE-CVE-2023-29409 golang: crypto/tls: verifying certificate chains containing large RSA keys is slow | TRIAGE-CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys |
| Avinash Hanwate | 2023-08-07 04:48:20 UTC | Doc Text | A denial of service vulnerability was found in the Golang Go package, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker could exploit this vulnerability to cause a client/server to expend significant CPU time verifying signatures, which results in a denial of service condition. | |
| Avinash Hanwate | 2023-08-07 04:48:20 UTC | Alias | TRIAGE-CVE-2023-29409 | CVE-2023-29409 |
| Avinash Hanwate | 2023-08-07 04:48:20 UTC | Summary | TRIAGE-CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys | CVE-2023-29409 golang: crypto/tls: slow verification of certificate chains containing large RSA keys |
| Avinash Hanwate | 2023-08-07 04:48:20 UTC | Fixed In Version | Go 1.20.7, Go 1.19.12 | |
| Avinash Hanwate | 2023-08-07 06:06:41 UTC | Depends On | 2229621, 2229620 | |
| RaTasha Tillery-Smith | 2023-08-07 13:04:53 UTC | Doc Text | A denial of service vulnerability was found in the Golang Go package, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker could exploit this vulnerability to cause a client/server to expend significant CPU time verifying signatures, which results in a denial of service condition. | A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition. |
| Debarshi Ray | 2023-08-07 17:42:48 UTC | Flags | needinfo?(ahanwate) | |
| Avinash Hanwate | 2023-08-09 08:52:47 UTC | CC | nmontero | |
| Avinash Hanwate | 2023-08-09 08:54:14 UTC | Depends On | 2230278 | |
| Avinash Hanwate | 2023-08-09 09:03:50 UTC | Flags | needinfo?(ahanwate) | |