reports/GO-2021-0243.yaml - vulndb - Git at Google

 packages:
   - module: std
     package: crypto/tls
     symbols:
       - rsaKeyAgreement.generateClientKeyExchange
     versions:
       - fixed: go1.15.14
       - fixed: go1.16.6
       - fixed: go1.17.0
 description: |
     crypto/tls clients can panic when provided a certificate of the
     wrong type for the negotiated parameters. net/http clients
     performing HTTPS requests are also affected.
 published: 2022-02-17T17:32:57Z
 cves:
   - CVE-2021-34558
 credit: Imre Rad
 links:
     pr: https://go.dev/cl/334031
     commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557
     context:
       - https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
       - https://go.dev/issue/47143
	packages:
	- module: std
	package: crypto/tls
	symbols:
	- rsaKeyAgreement.generateClientKeyExchange
	versions:
	- fixed: go1.15.14
	- fixed: go1.16.6
	- fixed: go1.17.0
	description: \|
	crypto/tls clients can panic when provided a certificate of the
	wrong type for the negotiated parameters. net/http clients
	performing HTTPS requests are also affected.
	published: 2022-02-17T17:32:57Z
	cves:
	- CVE-2021-34558
	credit: Imre Rad
	links:
	pr: https://go.dev/cl/334031
	commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557
	context:
	- https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
	- https://go.dev/issue/47143