Medium severity6.5NVD Advisory· Published Jul 15, 2021· Updated Jun 17, 2026
CVE-2021-34558
CVE-2021-34558
Description
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20- Go/Godescription
- Range: <=1.16.5
- osv-coords18 versionspkg:bitnami/golangpkg:rpm/almalinux/grafanapkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.15&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
< 1.15.14+ 17 more
- (no CPE)range: < 1.15.14
- (no CPE)range: < 7.5.9-4.el8
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 2:4.2.0-3.el9
- (no CPE)range: < 1.15.14-lp152.23.1
- (no CPE)range: < 1.15.14-1.36.1
- (no CPE)range: < 1.15.15-1.2
- (no CPE)range: < 1.16.6-lp152.5.1
- (no CPE)range: < 1.16.6-1.20.1
- (no CPE)range: < 1.16.8-1.1
- (no CPE)range: < 1.15.14-1.36.1
- (no CPE)range: < 1.15.14-1.36.1
- (no CPE)range: < 1.16.6-1.20.1
- (no CPE)range: < 1.16.6-1.20.1
Patches
Vulnerability mechanics
References
16- www.oracle.com/security-alerts/cpujan2022.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party Advisory
- golang.org/doc/devel/releasenvdRelease NotesVendor Advisory
- groups.google.com/g/golang-announcenvdMailing ListThird Party Advisory
- groups.google.com/g/golang-announce/c/n9FxMelZGAQnvdMailing ListRelease NotesThird Party Advisory
- security.gentoo.org/glsa/202208-02nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20210813-0005/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/nvd
News mentions
0No linked articles in our index yet.