Back to search
CVE-2021-34558
Published: Jul 15, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://groups.google.com/g/golang-announce
x_refsource_MISC
https://golang.org/doc/devel/release#go1.16.minor
x_refsource_MISC
FEDORA-2021-25c0011e78
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-1bfb61f77c
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-3a55403080
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-47d259d3cf
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-6ac9b98f9e
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-07e4d20196
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-ffa749f7f7
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-54f88bebd4
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-c35235c250
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210813-0005/
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
GLSA-202208-02
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now