Medium severity5.9NVD Advisory· Published Mar 5, 2024· Updated Apr 15, 2026

CVE-2024-24783

Description

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2024/03/08/4nvd
go.dev/cl/569339nvd
go.dev/issue/65390nvd
groups.google.com/g/golang-announce/c/5pwGVUPoMbgnvd
pkg.go.dev/vuln/GO-2024-2598nvd
security.netapp.com/advisory/ntap-20240329-0005/nvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000