QwikSec

Security Database

CVE

CWE

Training

CVE-2024-24783

Published: Mar 5, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Vendor	Product	Versions
Go standard library	crypto/x509	affected `0 - < 1.21.8` affected `1.22.0-0 - < 1.22.1`

References

https://go.dev/issue/65390

https://go.dev/cl/569339

https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg

https://pkg.go.dev/vuln/GO-2024-2598

https://security.netapp.com/advisory/ntap-20240329-0005/

http://www.openwall.com/lists/oss-security/2024/03/08/4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.