Message Forgery Vulnerability in Go Cryptography Libraries
CVE-2019-11841

5.9MEDIUM

Key Information:

Vendor: Golang
Status: Crypto
Vendor: CVE Published:; 22 May 2019

What is CVE-2019-11841?

A message-forgery issue in the Go cryptography libraries permits attackers to spoof cleartext signed messages. The Clearsign package disregards the 'Hash' Armor Header, leading to potential misrepresentation of the message digest algorithms used in signatures. An attacker could embed arbitrary Armor Headers or prepend text to messages, which compromises the integrity of signed communications. This flaw highlights significant security concerns related to message authenticity and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://sec-consult.com/

https://go.googlesource.com/crypto/

http://packetstormsecurity.com/files/152840/Go-Cryptograp...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
May 9, 2019

JSON

Golang

What is CVE-2019-11841?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.