CVE-2022-27536
Summary
| CVE | CVE-2022-27536 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-20 10:15:00 UTC |
| Updated | 2023-03-09 19:15:00 UTC |
| Description | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security] Go 1.18.1 and Go 1.17.9 are released | MISC | groups.google.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | MISC | cert-portal.siemens.com | |
| CVE-2022-27536 Golang Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| Go: Multiple Vulnerabilities (GLSA 202208-02) — Gentoo security | GENTOO | security.gentoo.org | |
| golang-announce - Google Groups | MISC | groups.google.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159981 Oracle Enterprise Linux Security Update for go-toolset:ol8addon (ELSA-2022-17956)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 502300 Alpine Linux Security Update for go
- 690861 Free Berkeley Software Distribution (FreeBSD) Security Update for go (61bce714-ca0c-11ec-9cfc-10c37b4ac2ea)
- 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
- 753094 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:1410-1)
- 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)