packages:
  - module: std
    package: crypto/x509
    symbols:
      - Certificate.systemVerify
    versions:
      - fixed: 1.13.13
      - introduced: 1.14.0
        fixed: 1.14.5
description: |
    On Windows, if VerifyOptions.Roots is nil, Certificate.Verify
    does not check the EKU requirements specified in VerifyOptions.KeyUsages.
    This may allow a certificate to be used for an unintended purpose.
published: 2022-02-17T17:46:03Z
cves:
  - CVE-2020-14039
credit: Niall Newman
os:
  - windows
links:
    pr: https://go.dev/cl/242597
    commit: https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5
    context:
      - https://go.dev/issue/39360
      - https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w