blob: ce709c8f1ac359b97e3f9639c9e546c72ea7459b [file] [log] [blame]
id: GO-2022-0434
modules:
- module: std
versions:
- introduced: 1.18.0-0
fixed: 1.18.1
vulnerable_at: 1.18.0
packages:
- package: crypto/x509
goos:
- darwin
symbols:
- Certificate.Verify
summary: Panic during certificate parsing on Darwin in crypto/x509
description: |-
Verifying certificate chains containing certificates which are not compliant
with RFC 5280 causes Certificate.Verify to panic on macOS.
These chains can be delivered through TLS and can cause a crypto/tls or net/http
client to crash.
published: 2022-05-23T21:59:00Z
cves:
- CVE-2022-27536
credits:
- Tailscale
references:
- fix: https://go.dev/cl/393655
- fix: https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
- report: https://go.dev/issue/51759
- web: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
review_status: REVIEWED