Description
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Exploits (1)
References (16)
Core 16
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://groups.google.com/g/golang-announce
Release Notes, Vendor Advisory x_refsource_misc
https://golang.org/doc/devel/release#go1.16.minor
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Mailing List, Release Notes, Third Party Advisory x_refsource_misc
https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210813-0005/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-02
Scores
CVSS v3
6.5
EPSS
0.0092
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-295
Status
published
Products (7)
fedoraproject/fedora
33
fedoraproject/fedora
34
golang/go
< 1.15.14
netapp/cloud_insights_telegraf
netapp/storagegrid
netapp/trident
oracle/timesten_in-memory_database
< 21.1.1.1.0
Published
Jul 15, 2021
Tracked Since
Feb 18, 2026