The Go programming language has a vulnerability in its DER payload parsing. This allows attackers to allocate large amounts of memory, causing memory exhaustion.
The Go programming language has a vulnerability in its DER payload parsing. This allows attackers to allocate large amounts of memory, causing memory exhaustion.
You're affected if you use Go version 1.18 or later (due to the fix being introduced in Go 1.19). Check with: go version command
Upgrade to Go 1.19 or later from the official Go website: https://golang.org/doc/upgrading
- Immediate mitigations:
- Disable DER parsing by setting derparse disabled=true in your go.mod file.
- Monitor for memory exhaustion errors.