The Verify function in Go’s crypto/dsa implementation (crypto/dsa/dsa.go) contained an input‑validation flaw that could be weaponized to force an application into an infinite loop and an effective denial‑of‑service; the bug was tracked as CVE‑2016‑3959 and fixed in the emergency releases Go...
