Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-32280

Опубликовано: 08 апр. 2026
Источник: debian

Описание

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.26fixed1.26.2-1package
golang-1.25fixed1.25.9-1package
golang-1.24removedpackage
golang-1.24no-dsatrixiepackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU

  • https://github.com/golang/go/issues/78282

  • https://go-review.googlesource.com/c/go/+/758320

  • Fixed by: https://github.com/golang/go/commit/7b4ed1d7d91316b2b52ca61c891d75840febd3f2 (go1.26.2)

  • Fixed by: https://github.com/golang/go/commit/edc1e4a5f2af48b648502d987b8d4eebf43c884b (go1.25.9)

Связанные уязвимости

ubuntu логотип

CVE-2026-32280

CVSS3: 7.5
ubuntu
3 месяца назад

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

redhat логотип

CVE-2026-32280

CVSS3: 7.5
redhat
3 месяца назад

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

nvd логотип

CVE-2026-32280

CVSS3: 7.5
nvd
3 месяца назад

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

msrc логотип

CVE-2026-32280

msrc
2 месяца назад

Unexpected work during chain building in crypto/x509

github логотип

GHSA-m4pr-4j3g-9v7v

CVSS3: 7.5
github
3 месяца назад

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.