reports/GO-2022-0434.yaml - vulndb - Git at Google

 packages:
   - module: std
     package: crypto/x509
     symbols:
       - Certificate.Verify
     versions:
       - fixed: 1.17.9
       - introduced: 1.18
         fixed: 1.18.1
 description: |
     Verifying certificate chains containing certificates which are not compliant
     with RFC 5280 causes Certificate.Verify to panic on macOS.

     These chains can be delivered through TLS and can cause a crypto/tls or
     net/http client to crash.
 cves:
   - CVE-2022-27536
 credit: Tailscale
 links:
     pr: https://go.dev/cl/393655
     commit: https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
     context:
       - https://go.dev/issue/51759
       - https://groups.google.com/g/golang-announce/c/oecdBNLOml8
	packages:
	- module: std
	package: crypto/x509
	symbols:
	- Certificate.Verify
	versions:
	- fixed: 1.17.9
	- introduced: 1.18
	fixed: 1.18.1
	description: \|
	Verifying certificate chains containing certificates which are not compliant
	with RFC 5280 causes Certificate.Verify to panic on macOS.

	These chains can be delivered through TLS and can cause a crypto/tls or
	net/http client to crash.
	cves:
	- CVE-2022-27536
	credit: Tailscale
	links:
	pr: https://go.dev/cl/393655
	commit: https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
	context:
	- https://go.dev/issue/51759
	- https://groups.google.com/g/golang-announce/c/oecdBNLOml8