5 matches found
BIT-GOLANG-2024-24783 Verify panics on certificates with an unknown public key algorithm in crypto/x509
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
Golang < 1.21.8, 1.22.x < 1.22.1 Multiple Vulnerabilities
The version of Golang running on the remote host is prior to 1.21.8 or 1.22.x prior to 1.22.1. It is, therefore, is affected by multiple vulnerabilities: - A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. CVE-2023-45289 - Verifying a certificate chai...
Design/Logic Flaw
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...