
CVE-2022-41724

Published: 28 Feb 2023
Source: debian
EPSS: Low

Description

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Packages

Package      Status        Fixed version  Release       Type
golang-1.20  fixed         1.20.1-1       -             package
golang-1.19  fixed         1.19.6-1       experimental  package
golang-1.19  fixed         1.19.6-2       -             package
golang-1.15  removed       -              -             package
golang-1.15  no-dsa        -              bullseye      package
golang-1.11  not-affected  -              -             package

Notes

  • https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E

  • https://go.dev/issue/58001

  • https://github.com/golang/go/commit/66c58b946beaa38de35241c3f64ec358f5ad03f1 (master)

  • Introduced by: https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06 (go1.12beta1)

  • Introduced by: https://github.com/golang/go/commit/6435d0cfbf72f405f31430e60766add6d6762fe1 (go1.12beta1)

EPSS

Percentile: 2%
0.00016
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

CVSS3: 7.5
redhat
more than 2 years ago

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

CVSS3: 7.5
nvd
more than 2 years ago

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

CVSS3: 7.5
github
more than 2 years ago

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

CVSS3: 7.5
fstec
more than 2 years ago

Vulnerability in the crypto/tls package of the Golang programming language that allows an attacker to cause a denial of service
