ALT-PU-2021-2214-1
Closed vulnerabilities
Published: 2021-07-15
BDU:2022-00715
Уязвимость пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2021-07-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-34558
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://golang.org/doc/devel/release#go1.16.minor
- https://golang.org/doc/devel/release#go1.16.minor
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
- https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
- FEDORA-2021-1bfb61f77c
- FEDORA-2021-1bfb61f77c
- FEDORA-2021-07e4d20196
- FEDORA-2021-07e4d20196
- FEDORA-2021-ffa749f7f7
- FEDORA-2021-ffa749f7f7
- FEDORA-2021-25c0011e78
- FEDORA-2021-25c0011e78
- FEDORA-2021-54f88bebd4
- FEDORA-2021-54f88bebd4
- FEDORA-2021-3a55403080
- FEDORA-2021-3a55403080
- FEDORA-2021-6ac9b98f9e
- FEDORA-2021-6ac9b98f9e
- FEDORA-2021-c35235c250
- FEDORA-2021-c35235c250
- FEDORA-2021-47d259d3cf
- FEDORA-2021-47d259d3cf
- GLSA-202208-02
- GLSA-202208-02
- https://security.netapp.com/advisory/ntap-20210813-0005/
- https://security.netapp.com/advisory/ntap-20210813-0005/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html