Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-34558

Related Vulnerabilities: CVE-2021-34558  

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Source

Description

The MITRE CVE dictionary describes this issue as:

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Additional Information

  • Bugzilla 1983596: CVE-2021-34558 golang: specially-crafted TLS server is causing TLS client to panic
  • FAQ: Frequently asked questions about CVE-2021-34558

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started