Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

Published

2023-08-02T20:15:11.940

Last Modified

2024-11-21T07:57:00.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.19.12	Yes
Application	golang	go	< 1.20.7	Yes
Application	golang	go	1.21.0	Yes
Application	golang	go	1.21.0	Yes
Application	golang	go	1.21.0	Yes

References

https://go.dev/cl/515257 Patch ([email protected])
https://go.dev/issue/61460 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ Mailing List, Vendor Advisory ([email protected])
https://pkg.go.dev/vuln/GO-2023-1987 Patch, Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/202311-09 ([email protected])
https://security.netapp.com/advisory/ntap-20230831-0010/ ([email protected])
https://go.dev/cl/515257 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/61460 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2023-1987 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202311-09 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230831-0010/ (af854a3a-2127-422b-91ae-364da2661108)