A workaround is present in Go 1.12.6+ and Go 1.13.7+, but affected users should additionally install the Windows security update to protect their system.

See https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0601 for details on the Windows vulnerability.

CPENameOperatorVersion
stdliblt1.13.7
stdliblt1.12.16
stdlibge1.13.0-0

Name	Operator	Version
stdlib	lt	1.13.7
stdlib	lt	1.12.16
stdlib	ge	1.13.0-0

References

go.dev/cl/215905

go.dev/issue/36834

go.googlesource.com/go/+/953bc8f391a63adf00bac2515dba62abe8a1e2c2

groups.google.com/g/golang-announce/c/Hsw4mHYc470/m/WJeW5wguEgAJ

attackerkb 1

githubexploit 5

alpinelinux 1

cve 1

checkpoint_security 1

veracode 1

msrc 3

trendmicroblog 3

prion 1

trellix 2

schneier 1

cisa_kev 1

cert 1

checkpoint_advisories 1

krebs 2

cloudfoundry 1

carbonblack 1

osv 2

zdt 1

symantec 1

filippoio 1

qualysblog 6

mscve 2

talosblog 2

threatpost 4

openvas 9

kaspersky 3

ics 2

thn 1

nessus 9

avleonov 1

chrome 1

rapid7blog 1

securelist 1

mskb 6

attackerkb

CVE-2020-0601, aka NSACrypt

2020-01-14 00:00:00

githubexploit

Exploit for Improper Certificate Validation in Microsoft

2020-03-03 08:49:47

Exploit for Improper Certificate Validation in Microsoft

2021-01-17 11:53:28

Exploit for Improper Certificate Validation in Microsoft

2020-02-03 13:58:07

alpinelinux

CVE-2020-0601

2020-01-14 23:15:00

cve

CVE-2020-0601

2020-01-14 23:15:00

checkpoint_security

Check Point Response to CVE-2020-0601 (CryptoAPI Spoofing Vulnerability)

2020-01-16 01:01:59

veracode

Certificate Spoofing

2020-01-30 04:08:05

msrc

January 2020 Security Updates: CVE-2020-0601

2020-01-14 18:01:05

January 2020 Security Updates: CVE-2020-0601

2020-01-14 08:00:00

January 2020 Security Updates: CVE-2020-0601

2020-01-14 08:00:00

trendmicroblog

This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

2020-02-14 13:57:34

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601

2020-01-17 17:40:24

This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web

2020-01-24 13:18:05

prion

Spoofing

2020-01-14 23:15:00

trellix

CurveBall – An Unimaginative Pun but a Devastating Bug

2020-06-17 00:00:00

CurveBall – An Unimaginative Pun but a Devastating Bug

2020-06-17 00:00:00

schneier

Critical Windows Vulnerability Discovered by NSA

2020-01-15 12:38:37

cisa_kev

Microsoft Windows CryptoAPI Spoofing Vulnerability

2021-11-03 00:00:00

cert

Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains

2020-01-14 00:00:00

checkpoint_advisories

Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)

2020-01-16 00:00:00

krebs

Patch Tuesday, January 2020 Edition

2020-01-15 02:31:50

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

2020-01-13 22:17:47

cloudfoundry

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability | Cloud Foundry

2020-01-22 00:00:00

carbonblack

Using Live Query to Audit Your Environment for the Windows CryptoAPI Spoofing Vulnerability

2020-01-17 16:00:29

osv

BIT-golang-2020-0601

2024-03-06 11:08:38

CVE-2020-0601

2020-01-14 23:15:30

zdt

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing

2020-01-16 00:00:00

symantec

Microsoft Windows CryptoAPI CVE-2020-0601 Spoofing Vulnerability

2020-01-14 00:00:00

filippoio

Replace PGP With an HTTPS Form

2020-07-18 22:00:00

qualysblog

Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate

2020-01-14 22:57:50

January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns

2020-01-14 19:34:09

Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)

2023-07-18 13:38:53

mscve

Windows CryptoAPI Spoofing Vulnerability

2020-01-14 08:00:00

Chromium Security Updates for Microsoft Edge (Chromium-Based)

2020-01-28 08:00:00

talosblog

Threat Source newsletter (Jan. 16, 2019)

2020-01-23 07:27:43

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage

2020-01-17 10:14:27

threatpost

Microsoft Patches ‘Major’ Crypto Spoofing Bug

2020-01-14 20:32:30

PoC Exploits Published For Microsoft Crypto Bug

2020-01-16 16:05:57

Oracle Ties Previous All-Time Patch High with January Updates

2020-01-14 23:43:10

openvas

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-MAC OS X

2020-01-17 00:00:00

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-Linux

2020-01-17 00:00:00

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-Windows

2020-01-17 00:00:00

kaspersky

KLA11647 Multiple vulnerabilities in Google Chrome

2020-01-16 00:00:00

KLA11720 Multiple vulnerabilities in Opera

2020-01-22 00:00:00

KLA11639 Multiple vulnerabilities in Microsoft Windows

2020-01-14 00:00:00

ics

Critical Vulnerabilities in Microsoft Windows Operating Systems

2020-01-14 12:00:00

Potential for China Cyber Response to Heightened U.S.–China Tensions

2020-10-20 12:00:00

thn

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

2020-01-14 18:40:00

nessus

Microsoft Edge (Chromium) < 79.0.309.68 Multiple Vulnerabilities

2020-07-07 00:00:00

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-2766)

2022-11-14 00:00:00

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-2731)

2022-11-14 00:00:00

avleonov

Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll

2020-01-14 18:02:20

chrome

Stable Channel Update for Desktop

2020-01-16 00:00:00

rapid7blog

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

2020-10-29 13:59:06

securelist

IT threat evolution Q1 2020. Statistics

2020-05-20 10:00:43

mskb

January 14, 2020—KB4534306 (OS Build 10240.18453)

2020-01-14 08:00:00

January 14, 2020—KB4528760 (OS Builds 18362.592 and 18363.592) - EXPIRED

2020-01-14 08:00:00

January 14, 2020—KB4534273 (OS Build 17763.973)

2020-01-14 08:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

Related for OSV:GO-2022-0535