Vulnerability Report: GO-2022-0434

standard library

CVE-2022-27536
Affects: crypto/x509
Published: May 23, 2022
Modified: May 20, 2024

Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic on macOS. These chains can be delivered through TLS and can cause a crypto/tls or net/http client to crash.

Affected Packages

Path

Go Versions

Symbols
crypto/x509

from go1.18.0-0 before go1.18.1
- Certificate.Verify

Aliases

CVE-2022-27536

References

https://go.dev/cl/393655
https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
https://go.dev/issue/51759
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
https://vuln.go.dev/ID/GO-2022-0434.json

Credits

Tailscale

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL