Unrated severityNVD Advisory· Published Oct 7, 2014· Updated May 6, 2026

CVE-2014-7189

Description

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Affected products

Golang/Go8 versions
cpe:2.3:a:golang:go:1.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:golang:go:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:golang:go:1.3.1:*:*:*:*:*:*:*
osv-coords6 versions
pkg:rpm/opensuse/go1.10&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.11&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.12&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.4&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.9&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go&distro=openSUSE%20Tumbleweed
< 1.10.8-8.2+ 5 more
- (no CPE)range: < 1.10.8-8.2
- (no CPE)range: < 1.11.13-10.5
- (no CPE)range: < 1.12.17-4.8
- (no CPE)range: < 1.4.3-12.2
- (no CPE)range: < 1.9.7-11.2
- (no CPE)range: < 1.7.0-2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000