The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Published: 2021-07-15T14:15:19.660
Last modified: 2024-11-21T06:10:40.993
Status: Modified
CVSSv3.1: 6.5 (MEDIUM)
CVSSv2 vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSSv2 exploitability subscore: 4.9
CVSSv2 impact subscore: 2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | golang | go | < 1.15.14 | Yes |
Application | golang | go | < 1.16.6 | Yes |
Operating System | fedoraproject | fedora | 33 | Yes |
Operating System | fedoraproject | fedora | 34 | Yes |
Application | netapp | cloud_insights_telegraf | - | Yes |
Application | netapp | storagegrid | - | Yes |
Application | netapp | trident | - | Yes |
Application | oracle | timesten_in-memory_database | < 21.1.1.1.0 | Yes |