Описание
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | ||
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Affected | ||
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel8-operator | Will not fix | ||
| Logical Volume Manager Storage | lvms4/topolvm-rhel9 | Affected | ||
| Machine Deletion Remediation Operator | workload-availability/machine-deletion-remediation-rhel8-operator | Affected | ||
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Will not fix | ||
| Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-api-rhel9 | Affected | ||
| mirror registry for Red Hat OpenShift | mirror-registry-container | Affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hive-rhel8 | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Verifying a certificate chain which contains a certificate with an unk ...
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
EPSS
5.9 Medium
CVSS3