data/reports/GO-2022-0434.yaml - vulndb - Git at Google

 id: GO-2022-0434
 modules:
     - module: std
       versions:
         - introduced: 1.18.0-0
           fixed: 1.18.1
       vulnerable_at: 1.18.0
       packages:
         - package: crypto/x509
           goos:
             - darwin
           symbols:
             - Certificate.Verify
 summary: Panic during certificate parsing on Darwin in crypto/x509
 description: |-
     Verifying certificate chains containing certificates which are not compliant
     with RFC 5280 causes Certificate.Verify to panic on macOS.

     These chains can be delivered through TLS and can cause a crypto/tls or net/http
     client to crash.
 published: 2022-05-23T21:59:00Z
 cves:
     - CVE-2022-27536
 credits:
     - Tailscale
 references:
     - fix: https://go.dev/cl/393655
     - fix: https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
     - report: https://go.dev/issue/51759
     - web: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
	id: GO-2022-0434
	modules:
	- module: std
	versions:
	- introduced: 1.18.0-0
	fixed: 1.18.1
	vulnerable_at: 1.18.0
	packages:
	- package: crypto/x509
	goos:
	- darwin
	symbols:
	- Certificate.Verify
	summary: Panic during certificate parsing on Darwin in crypto/x509
	description: \|-
	Verifying certificate chains containing certificates which are not compliant
	with RFC 5280 causes Certificate.Verify to panic on macOS.

	These chains can be delivered through TLS and can cause a crypto/tls or net/http
	client to crash.
	published: 2022-05-23T21:59:00Z
	cves:
	- CVE-2022-27536
	credits:
	- Tailscale
	references:
	- fix: https://go.dev/cl/393655
	- fix: https://go.googlesource.com/go/+/0fca8a8f25cf4636fd980e72ba0bded4230922de
	- report: https://go.dev/issue/51759
	- web: https://groups.google.com/g/golang-announce/c/oecdBNLOml8