reports/GO-2021-0243.yaml - vulndb - Git at Google

 module: std
 package: crypto/tls
 versions:
 - fixed: go1.15.14
 - fixed: go1.16.6
 - fixed: go1.17.0
 description: |
   crypto/tls clients can panic when provided a certificate of the
   wrong type for the negotiated parameters. net/http clients
   performing HTTPS requests are also affected.
 cves:
 - CVE-2021-34558
 credit: Imre Rad
 symbols:
 - rsaKeyAgreement.generateClientKeyExchange
 links:
   pr: https://go.dev/cl/334031
   commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557
   context:
   - https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
   - https://go.dev/issue/47143
	module: std
	package: crypto/tls
	versions:
	- fixed: go1.15.14
	- fixed: go1.16.6
	- fixed: go1.17.0
	description: \|
	crypto/tls clients can panic when provided a certificate of the
	wrong type for the negotiated parameters. net/http clients
	performing HTTPS requests are also affected.
	cves:
	- CVE-2021-34558
	credit: Imre Rad
	symbols:
	- rsaKeyAgreement.generateClientKeyExchange
	links:
	pr: https://go.dev/cl/334031
	commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557
	context:
	- https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
	- https://go.dev/issue/47143