Helm uses crypto package vulnerable to panic from malformed X.509 certificate

🗓️ 23 Jun 2021 18:39:02Reported by GitHub Advisory DatabaseType

Helm crypto package vulnerability in X.509 certificat

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 54
GitLab Advisory Database	Improper Certificate Validation	23 Jun 202100:00	–	gitlab
Tenable Nessus	Photon OS 2.0: Go PHSA-2020-2.0-0238	5 May 202000:00	–	nessus
Tenable Nessus	Photon OS 3.0: Go PHSA-2020-3.0-0087	13 May 202000:00	–	nessus
Tenable Nessus	Photon OS 1.0: Go PHSA-2020-1.0-0292	13 May 202000:00	–	nessus
Tenable Nessus	Fedora 31 : golang (2020-12bc5b5597)	10 Apr 202000:00	–	nessus
Tenable Nessus	Debian DSA-4848-1 : golang-1.11 - security update	10 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-1804)	30 Jul 202000:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)	9 Nov 202300:00	–	nessus
AlpineLinux	CVE-2020-7919	16 Mar 202021:15	–	alpinelinux
OSV	Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte	6 Jul 202218:23	–	osv

Vulners

Node

helm v3Range3.0.0–3.1.0

x cryptoRange<0.0.0-20200124225646-8b5121be2f68

helm helmRange2.0.0–2.16.8

Source	Link
github	www.github.com/helm/helm/security/advisories/GHSA-cjjc-xp8v-855w
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-7919
groups	www.groups.google.com/forum/
groups	www.groups.google.com/forum/
groups	www.groups.google.com/forum/
debian	www.debian.org/security/2021/dsa-4848
oracle	www.oracle.com/security-alerts/cpuApr2021.html
go	www.go.dev/cl/216677
go	www.go.dev/cl/216680
go	www.go.dev/issue/36837

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Jun 2021 18:02Current

7.3High risk

Vulners AI Score7.3

CVSS27.8

CVSS37.5

EPSS0.00627

CWE-295