VDB

GCVE-VVD-MAGEIA-2019-66

GCVE-VVD-MAGEIA-2019-66
Advisory Published
Vulnetix · Advisory published July 20, 2019
Remote code execution in go get, when executed with the -u flag (CVE-2018-16873). An arbitrary filesystem write in go get, which could lead to code execution (CVE-2018-16874). Denial of Service in the crypto/x509 package during certificate chain validation (CVE-2018-16875). Go before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks (CVE-2019-6486).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiamesa0 (affected), 19.1.2-1.mga7 (unaffected)
Mageiagolang0 (affected), 1.11.5-1.mga6 (unaffected), 0 (affected), 1.11.5-1.mga6 (unaffected)

References

Updated golang packages fix security vulnerability
advisory
Updated golang packages fix security vulnerability
issue
Updated golang packages fix security vulnerability
issue
Updated golang packages fix security vulnerability
advisory
Mesa 19.1.2 maintenance release
advisory
Mesa 19.1.2 maintenance release
issue
Mesa 19.1.2 maintenance release
issue
Mesa 19.1.2 maintenance release
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›