CVE-2022-27536

Опубликовано: 20 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
https://groups.google.com/g/golang-announce
Mailing List
Vendor Advisory
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
Mailing List
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0001/
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
https://groups.google.com/g/golang-announce
Mailing List
Vendor Advisory
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
Mailing List
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0001/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.18.0 (включая) до 1.18.1 (исключая)

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00158

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2022-27536

CVSS3: 7.5

ubuntu

около 3 лет назад

CVE-2022-27536

CVSS3: 7.5

debian

около 3 лет назад

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...

GHSA-vwmq-9gjc-2jjj

CVSS3: 7.5

github

около 3 лет назад

SUSE-SU-2022:1410-1

suse-cvrf

около 3 лет назад

Security update for go1.18

ELSA-2022-17956

oracle-oval

почти 3 года назад

ELSA-2022-17956: go-toolset:ol8addon security update (IMPORTANT)

EPSS

Процентиль: 38%

0.00158

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295