CVE-2020-7919

Published: 28 Jan 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

An integer overflow vulnerability was found in the Go crypto/x509 and golang.org/x/crypto/cryptobyte libraries on 32-bit architectures. A remote attacker could exploit this by supplying a crafted X.509 certificate, or other ASN.1 structure, as either a client or server to crash vulnerable Go applications.

Report

The products below are only supported on 64-bit architectures and are therefore not affected by this flaw:

  • OpenShift Container Platform
  • OpenShift Service Mesh
  • Red Hat Ceph Storage
  • Red Hat Gluster Storage
  • Container-native Virtualization

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | jaeger | Not affected | | |
| OpenShift Service Mesh 1 | jaeger-operator | Not affected | | |
| OpenShift Service Mesh 1 | kiali | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-cni | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-operator | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | | |
| Red Hat Ceph Storage 2 | golang | Not affected | | |
| Red Hat Ceph Storage 3 | golang | Not affected | | |
| Red Hat Ceph Storage 3 | grafana | Not affected | | |

Additional information

Status: Important
Defect: CWE-190->CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1808041 golang: Integer overflow on 32bit architectures via crafted certificate allows for denial of service

EPSS

Percentile: 74%
0.0085
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

CVSS3: 7.5
nvd
almost 6 years ago

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

CVSS3: 7.5
debian
almost 6 years ago

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...

CVSS3: 7.5
github
more than 4 years ago

Helm uses crypto package vulnerable to panic from malformed X.509 certificate

CVSS3: 7.5
fstec
about 6 years ago

Vulnerability in the crypto/x509 and golang.org/x/crypto/cryptobyte libraries of the Go programming language that allows an attacker to cause a denial of service
