| { |
| "id": "GO-2023-1570", |
| "published": "0001-01-01T00:00:00Z", |
| "modified": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2022-41724" |
| ], |
| "details": "Large handshake records may cause panics in crypto/tls.\n\nBoth clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses.\n\nThis affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", |
| "affected": [ |
| { |
| "package": { |
| "name": "stdlib", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "1.19.6" |
| }, |
| { |
| "introduced": "1.20.0" |
| }, |
| { |
| "fixed": "1.20.1" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2023-1570" |
| }, |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "crypto/tls", |
| "symbols": [ |
| "Conn.Handshake", |
| "Conn.HandshakeContext", |
| "Conn.Read", |
| "Conn.Write", |
| "Conn.clientHandshake", |
| "Conn.handleKeyUpdate", |
| "Conn.handlePostHandshakeMessage", |
| "Conn.handleRenegotiation", |
| "Conn.loadSession", |
| "Conn.readClientHello", |
| "Conn.readHandshake", |
| "Conn.writeRecord", |
| "ConnectionState.ExportKeyingMaterial", |
| "Dial", |
| "DialWithDialer", |
| "Dialer.Dial", |
| "Dialer.DialContext", |
| "certificateMsg.marshal", |
| "certificateMsgTLS13.marshal", |
| "certificateRequestMsg.marshal", |
| "certificateRequestMsgTLS13.marshal", |
| "certificateStatusMsg.marshal", |
| "certificateVerifyMsg.marshal", |
| "cipherSuiteTLS13.expandLabel", |
| "clientHandshakeState.doFullHandshake", |
| "clientHandshakeState.handshake", |
| "clientHandshakeState.readFinished", |
| "clientHandshakeState.readSessionTicket", |
| "clientHandshakeState.sendFinished", |
| "clientHandshakeStateTLS13.handshake", |
| "clientHandshakeStateTLS13.processHelloRetryRequest", |
| "clientHandshakeStateTLS13.readServerCertificate", |
| "clientHandshakeStateTLS13.readServerFinished", |
| "clientHandshakeStateTLS13.readServerParameters", |
| "clientHandshakeStateTLS13.sendClientCertificate", |
| "clientHandshakeStateTLS13.sendClientFinished", |
| "clientHandshakeStateTLS13.sendDummyChangeCipherSpec", |
| "clientHelloMsg.marshal", |
| "clientHelloMsg.marshalWithoutBinders", |
| "clientHelloMsg.updateBinders", |
| "clientKeyExchangeMsg.marshal", |
| "encryptedExtensionsMsg.marshal", |
| "endOfEarlyDataMsg.marshal", |
| "finishedMsg.marshal", |
| "handshakeMessage.marshal", |
| "helloRequestMsg.marshal", |
| "keyUpdateMsg.marshal", |
| "newSessionTicketMsg.marshal", |
| "newSessionTicketMsgTLS13.marshal", |
| "serverHandshakeState.doFullHandshake", |
| "serverHandshakeState.doResumeHandshake", |
| "serverHandshakeState.readFinished", |
| "serverHandshakeState.sendFinished", |
| "serverHandshakeState.sendSessionTicket", |
| "serverHandshakeStateTLS13.checkForResumption", |
| "serverHandshakeStateTLS13.doHelloRetryRequest", |
| "serverHandshakeStateTLS13.readClientCertificate", |
| "serverHandshakeStateTLS13.readClientFinished", |
| "serverHandshakeStateTLS13.sendDummyChangeCipherSpec", |
| "serverHandshakeStateTLS13.sendServerCertificate", |
| "serverHandshakeStateTLS13.sendServerFinished", |
| "serverHandshakeStateTLS13.sendServerParameters", |
| "serverHandshakeStateTLS13.sendSessionTickets", |
| "serverHelloDoneMsg.marshal", |
| "serverHelloMsg.marshal", |
| "serverKeyExchangeMsg.marshal", |
| "sessionState.marshal", |
| "sessionStateTLS13.marshal" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "REPORT", |
| "url": "https://go.dev/issue/58001" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://go.dev/cl/468125" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" |
| } |
| ], |
| "credits": [ |
| { |
| "name": "Marten Seemann" |
| } |
| ], |
| "schema_version": "1.3.1" |
| } |