Описание
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | openshift-golang-builder-container | Fix deferred | ||
| OpenShift Service Mesh 3 | openshift-golang-builder-container | Fix deferred | ||
| Red Hat Enterprise Linux 10 | golang | Fix deferred | ||
| Red Hat Enterprise Linux 8 | go-toolset:rhel8/golang | Fix deferred | ||
| Red Hat Enterprise Linux 9 | golang | Fix deferred | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | golang | Fix deferred | ||
| Red Hat Hardened Images | golang1.26 | Affected | ||
| Red Hat OpenShift Container Platform 4 | openshift-golang-builder-container | Fix deferred | ||
| Red Hat OpenShift Virtualization 4 | openshift-golang-builder-container | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
Связанные уязвимости
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Panic in name constraint checking for malformed certificates in crypto/x509
Certificate verification can panic when a certificate in the chain has ...
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
3.7 Low
CVSS3