VDB
DEBIAN-CVE-2022-41724
DEBIAN-CVE-2022-41724
PUBLISHED
CVSS 7.5 HIGH
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | golang-1.19 | 0, 0, 0 |
| Debian:11 | golang-1.15 | 0, 1.15.15-1, 1.15.15-1 |
Exploit Intelligence
- .trivyignore.yml (github-poc)
Timeline
- Feb 28, 2023 CVE Published
- Apr 28, 2026 CVE Updated