High severity7.5NVD Advisory· Published Mar 16, 2020· Updated Jun 17, 2026
CVE-2020-7919
CVE-2020-7919
Description
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/helm/helmGo | >= 2.0.0, < 2.16.8 | 2.16.8 |
helm.sh/helm/v3Go | >= 3.0.0, < 3.1.0 | 3.1.0 |
golang.org/x/cryptoGo | < 0.0.0-20200124225646-8b5121be2f68 | 0.0.0-20200124225646-8b5121be2f68 |
Affected products
12- Go/Godescription
- osv-coords11 versionspkg:apk/chainguard/dex-k8s-authenticatorpkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:bitnami/golangpkg:golang/github.com/helm/helmpkg:golang/golang.org/x/cryptopkg:golang/helm.sh/helm/v3
< 1.4.0-r35+ 10 more
- (no CPE)range: < 1.4.0-r35
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: >= 1.12.0, < 1.12.6
- (no CPE)range: >= 2.0.0, < 2.16.8
- (no CPE)range: < 0.0.0-20200124225646-8b5121be2f68
- (no CPE)range: >= 3.0.0, < 3.1.0
Patches
Vulnerability mechanics
References
21- github.com/advisories/GHSA-cjjc-xp8v-855wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7919ghsaADVISORY
- security.netapp.com/advisory/ntap-20200327-0001/nvdThird Party Advisory
- www.debian.org/security/2021/dsa-4848nvdThird Party AdvisoryWEB
- github.com/helm/helm/security/advisories/GHSA-cjjc-xp8v-855wghsaWEB
- go.dev/cl/216677ghsaWEB
- go.dev/cl/216680ghsaWEB
- go.dev/issue/36837ghsaWEB
- go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/g/golang-announce/c/Hsw4mHYc470ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBCghsaWEB
- pkg.go.dev/vuln/GO-2022-0229ghsaWEB
- security.netapp.com/advisory/ntap-20200327-0001ghsaWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdWEB
- groups.google.com/forum/nvd
- groups.google.com/forum/nvd
- groups.google.com/forum/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/nvd
News mentions
0No linked articles in our index yet.