Vulnerability Report: GO-2021-0223
- CVE-2020-14039
- Affects: crypto/x509
- Published: Feb 17, 2022
- Modified: Jun 12, 2023
On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in VerifyOptions.KeyUsages. This may allow a certificate to be used for an unintended purpose.
Affected Packages
-
PathVersionsSymbols
-
before go1.13.13, from go1.14.0-0 before go1.14.5all symbols
Aliases
References
- https://go.dev/cl/242597
- https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5
- https://go.dev/issue/39360
- https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w
- https://vuln.go.dev/ID/GO-2021-0223.json
Credits
- Niall Newman
Feedback
See anything missing or incorrect?
Suggest an edit to this report.