| packages: |
| - module: std |
| package: crypto/tls |
| symbols: |
| - rsaKeyAgreement.generateClientKeyExchange |
| versions: |
| - fixed: 1.15.14 |
| - introduced: 1.16.0 |
| fixed: 1.16.6 |
| description: | |
| crypto/tls clients can panic when provided a certificate of the |
| wrong type for the negotiated parameters. net/http clients |
| performing HTTPS requests are also affected. |
| published: 2022-02-17T17:32:57Z |
| cves: |
| - CVE-2021-34558 |
| credit: Imre Rad |
| links: |
| pr: https://go.dev/cl/334031 |
| commit: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557 |
| context: |
| - https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ |
| - https://go.dev/issue/47143 |