Vulnerability Report: GO-2022-0434
- CVE-2022-27536
- Affects: crypto/x509
- Published: May 23, 2022
- Modified: Jun 12, 2023
Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic on macOS. These chains can be delivered through TLS and can cause a crypto/tls or net/http client to crash.
Affected Packages
-
PathVersionsSymbols
-
from go1.18.0-0 before go1.18.1
Aliases
References
- https://go.dev/cl/393655
- https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
- https://go.dev/issue/51759
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
- https://vuln.go.dev/ID/GO-2022-0434.json
Credits
- Tailscale
Feedback
See anything missing or incorrect?
Suggest an edit to this report.