Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.25 | fixed | 1.25.2-1 | | package |
| golang-1.24 | fixed | 1.24.8-1 | | package |
| golang-1.24 | no-dsa | | trixie | package |
| golang-1.23 | removed | | | package |
| golang-1.19 | removed | | | package |
| golang-1.19 | no-dsa | | bookworm | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | postponed | | bullseye | package |
Notes
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
https://github.com/golang/go/issues/75675
https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2)
https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401 (go1.24.8)
Related vulnerabilities
Panic when validating certificates with DSA public keys in crypto/x509
Vulnerability in the Equal() function of the crypto-x509 component of the Go programming language, allowing an attacker to cause a denial of service