VDB

BIT-golang-2021-34558

BIT-golang-2021-34558 PUBLISHED CVSS 6.5 MEDIUM

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Bitnamigolang0, 1.16.0, 1.16.0

Timeline

  • Mar 6, 2024 CVE Published
  • Apr 3, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›