3 matches found
AZL-78986 CVE-2025-22874 affecting package golang 1.25.7-1
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...
Exploit for Code Injection in Vmware Cloud_Foundation
CVE-2024-22274 Exploit This repository contains an exploit fo...
AZL-37310 CVE-2023-45287 affecting package golang for versions less than 1.21.6-1
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...