| { |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0", |
| "cveMetadata": { |
| "cveId": "CVE-2024-45341" |
| }, |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc" |
| }, |
| "title": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs." |
| } |
| ], |
| "affected": [ |
| { |
| "vendor": "Go standard library", |
| "product": "crypto/x509", |
| "collectionURL": "https://pkg.go.dev", |
| "packageName": "crypto/x509", |
| "versions": [ |
| { |
| "version": "0", |
| "lessThan": "1.22.11", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "1.23.0-0", |
| "lessThan": "1.23.5", |
| "status": "affected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "1.24.0-0", |
| "lessThan": "1.24.0-rc.2", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ], |
| "programRoutines": [ |
| { |
| "name": "matchURIConstraint" |
| }, |
| { |
| "name": "CertPool.AppendCertsFromPEM" |
| }, |
| { |
| "name": "Certificate.CheckCRLSignature" |
| }, |
| { |
| "name": "Certificate.CheckSignature" |
| }, |
| { |
| "name": "Certificate.CheckSignatureFrom" |
| }, |
| { |
| "name": "Certificate.CreateCRL" |
| }, |
| { |
| "name": "Certificate.Verify" |
| }, |
| { |
| "name": "Certificate.VerifyHostname" |
| }, |
| { |
| "name": "CertificateRequest.CheckSignature" |
| }, |
| { |
| "name": "CreateCertificate" |
| }, |
| { |
| "name": "CreateCertificateRequest" |
| }, |
| { |
| "name": "CreateRevocationList" |
| }, |
| { |
| "name": "DecryptPEMBlock" |
| }, |
| { |
| "name": "EncryptPEMBlock" |
| }, |
| { |
| "name": "HostnameError.Error" |
| }, |
| { |
| "name": "MarshalECPrivateKey" |
| }, |
| { |
| "name": "MarshalPKCS1PrivateKey" |
| }, |
| { |
| "name": "MarshalPKCS1PublicKey" |
| }, |
| { |
| "name": "MarshalPKCS8PrivateKey" |
| }, |
| { |
| "name": "MarshalPKIXPublicKey" |
| }, |
| { |
| "name": "ParseCRL" |
| }, |
| { |
| "name": "ParseCertificate" |
| }, |
| { |
| "name": "ParseCertificateRequest" |
| }, |
| { |
| "name": "ParseCertificates" |
| }, |
| { |
| "name": "ParseDERCRL" |
| }, |
| { |
| "name": "ParseECPrivateKey" |
| }, |
| { |
| "name": "ParsePKCS1PrivateKey" |
| }, |
| { |
| "name": "ParsePKCS1PublicKey" |
| }, |
| { |
| "name": "ParsePKCS8PrivateKey" |
| }, |
| { |
| "name": "ParsePKIXPublicKey" |
| }, |
| { |
| "name": "ParseRevocationList" |
| }, |
| { |
| "name": "RevocationList.CheckSignatureFrom" |
| }, |
| { |
| "name": "SetFallbackRoots" |
| }, |
| { |
| "name": "SystemCertPool" |
| } |
| ], |
| "defaultStatus": "unaffected" |
| } |
| ], |
| "problemTypes": [ |
| { |
| "descriptions": [ |
| { |
| "lang": "en", |
| "description": "CWE-295: Improper Certificate Validation" |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://go.dev/cl/643099" |
| }, |
| { |
| "url": "https://go.dev/issue/71156" |
| }, |
| { |
| "url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ" |
| }, |
| { |
| "url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ" |
| }, |
| { |
| "url": "https://pkg.go.dev/vuln/GO-2025-3373" |
| } |
| ], |
| "credits": [ |
| { |
| "lang": "en", |
| "value": "Juho Forsén of Mattermost" |
| } |
| ] |
| } |
| } |
| } |
