Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | |
https://groups.google.com/g/golang-announce | Mailing List Vendor Advisory |
https://groups.google.com/g/golang-announce/c/oecdBNLOml8 | Mailing List Release Notes Vendor Advisory |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230309-0001/ |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Mar 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Feb 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2022, 21:34
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2022, 22:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-295 | |
First Time |
Golang go
Golang Apple macos Apple |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* |
|
References | (MISC) https://groups.google.com/g/golang-announce - Mailing List, Vendor Advisory | |
References | (MISC) https://groups.google.com/g/golang-announce/c/oecdBNLOml8 - Mailing List, Release Notes, Vendor Advisory |
20 Apr 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-20 10:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-27536
Mitre link : CVE-2022-27536
CVE.ORG link : CVE-2022-27536
JSON object : View
Products Affected
apple
- macos
golang
- go
CWE
CWE-295
Improper Certificate Validation