blob: 6281fc8ec21a58fb8116c0d9ad4cdbece3677851 [file] [log] [blame]
packages:
- module: std
package: crypto/tls
symbols:
- rsaKeyAgreement.generateClientKeyExchange
versions:
- fixed: 1.15.14
- introduced: 1.16.0
fixed: 1.16.6
description: |
crypto/tls clients can panic when provided a certificate of the
wrong type for the negotiated parameters. net/http clients
performing HTTPS requests are also affected.
published: 2022-02-17T17:32:57Z
cves:
- CVE-2021-34558
credit: Imre Rad
links:
pr: https://go.dev/cl/334031
commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557
context:
- https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
- https://go.dev/issue/47143