You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2023 29409
About this tag
CVE-2023-29409 is a vulnerability in the Go standard library's crypto/tls package that allows extremely large RSA keys in certificate chains to cause excessive CPU consumption during signature verification, leading to a denial of service. Microsoft's Azure Linux includes this open-source library and is potentially affected, as noted in MSRC documentation. Discussions on WindowsForum.com examine the technical details of the flaw, its impact on TLS handshakes, and the scope of affected Microsoft products, clarifying that Azure Linux is not necessarily the only product that could ship the vulnerable component.
CVE-2023-29409 exposes a subtle but important risk in the Go standard library’s crypto/tls package: extremely large RSA keys in certificate chains can force a TLS endpoint to burn excessive CPU cycles while verifying signatures, and Microsoft’s brief MSRC wording that “Azure Linux includes this...