CVE-2019-11841
CVE-2019-11841 is a medium-severity vulnerability in Golang Crypto with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- CVSS v2: 4.3
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-347
- Affected product: Golang Crypto
- Published:
- Last modified:
Description
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
Frequently asked questions
- What is CVE-2019-11841?
- A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
- How severe is CVE-2019-11841?
- CVE-2019-11841 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2019-11841 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-11841?
- CVE-2019-11841 primarily affects Golang Crypto. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2019-11841?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2019-11841 published?
- CVE-2019-11841 was published on 2019-05-22 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
- https://go.googlesource.com/crypto/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
- https://sec-consult.com/
- https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/
Affected products (3)
- cpe:2.3:a:golang:crypto:2019-03-25:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
More vulnerabilities in Golang Crypto
- CVE-2026-46595 — Critical (CVSS 10.0): Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of…
- CVE-2026-42508 — Critical (CVSS 9.1): Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key'…
- CVE-2026-39834 — Critical (CVSS 9.1): When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload…
- CVE-2026-39833 — Critical (CVSS 9.1): The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never…
- CVE-2026-39832 — Critical (CVSS 9.1): When adding a key to a remote agent constraint extensions such as [email protected] were not…
- CVE-2026-39831 — Critical (CVSS 9.1): The Verify() method for FIDO/U2F security key types ([email protected], [email protected])…
All CVEs affecting Golang Crypto →
Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities
- CVE-2026-48558 — Critical (CVSS 10.0): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the…
- CVE-2023-25574 — Critical (CVSS 10.0): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI).…
- CVE-2024-45409 — Critical (CVSS 10.0): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <=…
- CVE-2024-32962 — Critical (CVSS 10.0): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default…
- CVE-2022-24884 — Critical (CVSS 10.0): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()`…
- CVE-2021-33885 — Critical (CVSS 10.0): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a…
Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →