Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
Type deb
Namespace debian
Name golang-go.crypto
Version 1:0.0~git20200221.2aa609c-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1:0.0~git20211202.5770296-1
Latest_non_vulnerable_version 1:0.50.0-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-37zk-9fax-v7e1
vulnerability_id VCID-37zk-9fax-v7e1
summary
Improper Verification of Cryptographic Signature in golang.org/x/crypto
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
references
0
reference_url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
reference_id
reference_type
scores
0
value 0.18682
scoring_system epss
scoring_elements 0.95285
published_at 2026-04-16T12:55:00Z
1
value 0.18682
scoring_system epss
scoring_elements 0.95277
published_at 2026-04-13T12:55:00Z
2
value 0.18682
scoring_system epss
scoring_elements 0.95275
published_at 2026-04-12T12:55:00Z
3
value 0.18682
scoring_system epss
scoring_elements 0.95274
published_at 2026-04-11T12:55:00Z
4
value 0.18682
scoring_system epss
scoring_elements 0.95269
published_at 2026-04-09T12:55:00Z
5
value 0.18682
scoring_system epss
scoring_elements 0.95266
published_at 2026-04-08T12:55:00Z
6
value 0.18682
scoring_system epss
scoring_elements 0.95259
published_at 2026-04-07T12:55:00Z
7
value 0.18682
scoring_system epss
scoring_elements 0.95254
published_at 2026-04-04T12:55:00Z
8
value 0.18682
scoring_system epss
scoring_elements 0.95251
published_at 2026-04-02T12:55:00Z
9
value 0.18682
scoring_system epss
scoring_elements 0.95239
published_at 2026-04-01T12:55:00Z
10
value 0.18682
scoring_system epss
scoring_elements 0.9529
published_at 2026-04-18T12:55:00Z
11
value 0.18682
scoring_system epss
scoring_elements 0.95292
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
4
reference_url https://github.com/golang/crypto
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto
5
reference_url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
6
reference_url https://go.dev/cl/220357
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/220357
7
reference_url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
8
reference_url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
9
reference_url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
10
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
11
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
14
reference_url https://pkg.go.dev/vuln/GO-2020-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0012
15
reference_url https://www.exploit-db.com/exploits/48121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/48121
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
reference_id 1804533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
reference_id 952462
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
reference_id CVE-2020-9283
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
19
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
20
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
21
reference_url https://access.redhat.com/errata/RHSA-2020:2789
reference_id RHSA-2020:2789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2789
22
reference_url https://access.redhat.com/errata/RHSA-2020:2790
reference_id RHSA-2020:2790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2790
23
reference_url https://access.redhat.com/errata/RHSA-2020:2793
reference_id RHSA-2020:2793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2793
24
reference_url https://access.redhat.com/errata/RHSA-2020:2878
reference_id RHSA-2020:2878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2878
25
reference_url https://access.redhat.com/errata/RHSA-2020:3078
reference_id RHSA-2020:3078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3078
26
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
27
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
28
reference_url https://access.redhat.com/errata/RHSA-2020:3372
reference_id RHSA-2020:3372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3372
29
reference_url https://access.redhat.com/errata/RHSA-2020:3414
reference_id RHSA-2020:3414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3414
30
reference_url https://access.redhat.com/errata/RHSA-2020:3809
reference_id RHSA-2020:3809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3809
31
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
32
reference_url https://access.redhat.com/errata/RHSA-2021:1129
reference_id RHSA-2021:1129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1129
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-jzn6-bzzf-nugp
4
vulnerability VCID-mn45-w3s3-syej
5
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-mn45-w3s3-syej
4
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie
4
url pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie
5
url pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie
aliases CVE-2020-9283, GHSA-ffhg-7mh4-33c4
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1
1
url VCID-3tpx-rnju-w3dw
vulnerability_id VCID-3tpx-rnju-w3dw
summary
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

### Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
reference_id
reference_type
scores
0
value 0.02086
scoring_system epss
scoring_elements 0.84038
published_at 2026-04-21T12:55:00Z
1
value 0.02086
scoring_system epss
scoring_elements 0.84037
published_at 2026-04-18T12:55:00Z
2
value 0.02086
scoring_system epss
scoring_elements 0.84035
published_at 2026-04-16T12:55:00Z
3
value 0.02086
scoring_system epss
scoring_elements 0.84011
published_at 2026-04-13T12:55:00Z
4
value 0.02086
scoring_system epss
scoring_elements 0.84015
published_at 2026-04-12T12:55:00Z
5
value 0.02086
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-11T12:55:00Z
6
value 0.02086
scoring_system epss
scoring_elements 0.84006
published_at 2026-04-09T12:55:00Z
7
value 0.02086
scoring_system epss
scoring_elements 0.83999
published_at 2026-04-08T12:55:00Z
8
value 0.02086
scoring_system epss
scoring_elements 0.83976
published_at 2026-04-07T12:55:00Z
9
value 0.02705
scoring_system epss
scoring_elements 0.85853
published_at 2026-04-04T12:55:00Z
10
value 0.02705
scoring_system epss
scoring_elements 0.85835
published_at 2026-04-02T12:55:00Z
11
value 0.02705
scoring_system epss
scoring_elements 0.85824
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
4
reference_url https://github.com/golang/go
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go
5
reference_url https://github.com/golang/go/issues/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/30965
6
reference_url https://go.dev/cl/168406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/168406
7
reference_url https://go.dev/issue/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/30965
8
reference_url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
9
reference_url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
10
reference_url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
11
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
13
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
14
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
15
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
18
reference_url https://pkg.go.dev/vuln/GO-2022-0209
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0209
19
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-jzn6-bzzf-nugp
4
vulnerability VCID-mn45-w3s3-syej
5
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-mn45-w3s3-syej
4
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie
4
url pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie
5
url pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie
aliases CVE-2019-11840, GHSA-r5c5-pr8j-pfp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw
2
url VCID-zvd3-3b1h-77ef
vulnerability_id VCID-zvd3-3b1h-77ef
summary
Golang/x/crypto message forgery vulnerability
A message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
references
0
reference_url http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11841
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60586
published_at 2026-04-16T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60545
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60525
published_at 2026-04-04T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60592
published_at 2026-04-18T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60566
published_at 2026-04-12T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.6058
published_at 2026-04-21T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60559
published_at 2026-04-09T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60543
published_at 2026-04-08T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60494
published_at 2026-04-07T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60423
published_at 2026-04-01T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60498
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11841
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841
3
reference_url https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442
4
reference_url https://github.com/golang/crypto/tree/master/openpgp/clearsign
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/tree/master/openpgp/clearsign
5
reference_url https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
6
reference_url https://go-review.git.corp.google.com/c/crypto/+/173778
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go-review.git.corp.google.com/c/crypto/+/173778
7
reference_url https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ
8
reference_url https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html
9
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11841
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11841
12
reference_url https://pkg.go.dev/vuln/GO-2023-1992
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2023-1992
13
reference_url https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841
fixed_packages
0
url pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1n1h-e2p4-9yhs
1
vulnerability VCID-cmts-6kz4-zkh8
2
vulnerability VCID-et4d-ak3r-1bfa
3
vulnerability VCID-hu5a-ewvg-6ya7
4
vulnerability VCID-jwxs-gteb-kfg5
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-mn45-w3s3-syej
7
vulnerability VCID-n34c-71wq-s3e4
8
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-jzn6-bzzf-nugp
4
vulnerability VCID-mn45-w3s3-syej
5
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-hu5a-ewvg-6ya7
2
vulnerability VCID-jwxs-gteb-kfg5
3
vulnerability VCID-mn45-w3s3-syej
4
vulnerability VCID-sty6-gwh1-hbcy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie
4
url pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie
5
url pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
purl pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie
aliases CVE-2019-11841, GHSA-x3jr-pf6g-c48f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvd3-3b1h-77ef
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie