Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-24783

Опубликовано: 05 мар. 2024
Источник: debian
EPSS Низкий

Описание

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.22fixed1.22.1-1package
golang-1.21fixed1.21.8-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://github.com/golang/go/issues/65390

  • https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)

  • https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)

EPSS

Процентиль: 60%
0.00401
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-24783

CVSS3: 5.9
ubuntu
больше 1 года назад

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

redhat логотип

CVE-2024-24783

CVSS3: 5.9
redhat
больше 1 года назад

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

nvd логотип

CVE-2024-24783

CVSS3: 5.9
nvd
больше 1 года назад

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

github логотип

GHSA-3q2c-pvp5-3cqp

CVSS3: 5.9
github
больше 1 года назад

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

oracle-oval логотип

ELSA-2024-6195

oracle-oval
10 месяцев назад

ELSA-2024-6195: skopeo security update (MODERATE)

EPSS

Процентиль: 60%
0.00401
Низкий