Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-45341

Опубликовано: 28 янв. 2025
Источник: debian

Описание

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.24fixed1.24~rc2-1package
golang-1.23fixed1.23.5-1package
golang-1.22fixed1.22.11-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI

  • https://go.dev/issue/71156

  • Fixed by: https://github.com/golang/go/commit/468fad45a27db0ec1fff4ae397d3670795b3f977 (go1.24rc2)

  • Fixed by: https://github.com/golang/go/commit/fdb8413fe588ec6dc31f1deaf43eb7202a76bb79 (go1.23.5)

  • Fixed by: https://github.com/golang/go/commit/19d21034157ba69d0f54318a9867d9b08730efcb (go1.22.11)

  • Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs

Связанные уязвимости

ubuntu логотип

CVE-2024-45341

CVSS3: 6.1
ubuntu
5 месяцев назад

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

redhat логотип

CVE-2024-45341

CVSS3: 4.2
redhat
5 месяцев назад

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

nvd логотип

CVE-2024-45341

CVSS3: 6.1
nvd
5 месяцев назад

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

msrc логотип

CVE-2024-45341

CVSS3: 6.1
msrc
4 месяца назад

Описание отсутствует

github логотип

GHSA-3f6r-qh9c-x6mm

CVSS3: 6.1
github
5 месяцев назад

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.