Unrated severity · NVD Advisory · Published Jul 15, 2021 · Updated Aug 4, 2024
CVE-2021-34558
Description
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Affected products
- Go/Go (description)
- osv-coords, 18 versions:
  - pkg:bitnami/golang (no CPE), range: < 1.15.14
  - pkg:rpm/almalinux/grafana (no CPE), range: < 7.5.9-4.el8
  - pkg:rpm/almalinux/podman (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/almalinux/podman-docker (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/almalinux/podman-gvproxy (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/almalinux/podman-plugins (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/almalinux/podman-remote (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/almalinux/podman-tests (no CPE), range: < 2:4.2.0-3.el9
  - pkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 1.15.14-lp152.23.1
  - pkg:rpm/opensuse/go1.15&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 1.15.14-1.36.1
  - pkg:rpm/opensuse/go1.15&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.15.15-1.2
  - pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 1.16.6-lp152.5.1
  - pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 1.16.6-1.20.1
  - pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.16.8-1.1
  - pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 (no CPE), range: < 1.15.14-1.36.1
  - pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3 (no CPE), range: < 1.15.14-1.36.1
  - pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 (no CPE), range: < 1.16.6-1.20.1
  - pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3 (no CPE), range: < 1.16.6-1.20.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202208-02 (mitre, vendor-advisory, x_refsource_GENTOO)
- golang.org/doc/devel/release (mitre, x_refsource_MISC)
- groups.google.com/g/golang-announce (mitre, x_refsource_MISC)
- groups.google.com/g/golang-announce/c/n9FxMelZGAQ (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210813-0005/ (mitre, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpujan2022.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2021.html (mitre, x_refsource_MISC)