The crypto/tls package of Go up to and including 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
netapp storagegrid - |
||
netapp trident - |
||
netapp cloud insights telegraf - |
||
oracle timesten in-memory database |