CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Reference Links (if available):

  • https://groups.google.com/forum/#!topic/golang-announce/Hsw4mHYc470
  • https://groups.google.com/forum/#!topic/golang-announce/-sdUB4VEQkA
  • https://groups.google.com/forum/#!forum/golang-announce
  • https://security.netapp.com/advisory/ntap-20200327-0001/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/

CVSS Score (if available):

  • v2: HIGH, vector AV:N/AC:L/Au:N/C:N/I:N/A:C
  • v3: HIGH, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Links to Exploits (if available):