Blame - data/reports/GO-2022-0229.yaml - vulndb

blob: 1f30963f96acf9db966c914b6bde7885cd12b9fb [file] [log] [blame]

Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	1	modules:
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	2	- module: std
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	3	versions:
				4	- fixed: 1.12.16
				5	- introduced: 1.13.0
				6	fixed: 1.13.7
				7	vulnerable_at: 1.13.6
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	8	packages:
				9	- package: crypto/x509
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	10	- module: golang.org/x/crypto
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	11	versions:
				12	- fixed: 0.0.0-20200124225646-8b5121be2f68
				13	vulnerable_at: 0.0.0-20200115085410-6d4e4cb37c7d
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	14	packages:
				15	- package: golang.org/x/crypto/cryptobyte
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	16	description: \|
				17	On 32-bit architectures, a malformed input to crypto/x509 or
				18	the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte
				19	can lead to a panic.
				20
				21	The malformed certificate can be delivered via a crypto/tls
				22	connection to a client, or to a server that accepts client
				23	certificates. net/http clients can be made to crash by an HTTPS
				24	server, while net/http servers that accept client certificates
				25	will recover the panic and are unaffected.
Damien Neil	95a417d	2022-08-17 15:39:45 -0700	[diff] [blame]	26	published: 2022-07-06T18:23:48Z
Damien Neil	fa4a6e7	2022-06-29 16:41:22 -0700	[diff] [blame]	27	cves:
				28	- CVE-2020-7919
				29	ghsas:
				30	- GHSA-cjjc-xp8v-855w
				31	credit: Project Wycheproof
Damien Neil	00e94d7	2022-08-26 14:59:35 -0700	[diff] [blame]	32	references:
				33	- fix: https://go.dev/cl/216680
				34	- fix: https://go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574
				35	- fix: https://go.dev/cl/216677
				36	- report: https://go.dev/issue/36837
				37	- web: https://groups.google.com/g/golang-announce/c/Hsw4mHYc470