Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24783

Published: 05/03/2024 Updated: 01/05/2024

Vulnerability Summary

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Mailing Lists

Full Disclosure: 5 CVEs fixed in Go 1.22.1 and Go 1.21.8, 1 CVE fixed in google.golang.org/protobuf
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> 5 CVEs fixed in Go 1221 and Go 1218, 1 CVE fixed in googlegolangorg/protobuf <!--X-Subject-Header-End--> <!--X-Head-of-M ...

References

https://go.dev/issue/65390https://go.dev/cl/569339https://groups.google.com/g/golang-announce/c/5pwGVUPoMbghttps://pkg.go.dev/vuln/GO-2024-2598https://security.netapp.com/advisory/ntap-20240329-0005/http://www.openwall.com/lists/oss-security/2024/03/08/4https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/197
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook