{"api_version":"1","generated_at":"2026-04-23T00:59:16+00:00","cve":"CVE-2022-41724","urls":{"html":"https://cve.report/CVE-2022-41724","api":"https://cve.report/api/cve/CVE-2022-41724.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-41724","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-41724"},"summary":{"title":"CVE-2022-41724","description":"Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).","state":"PUBLIC","assigner":"security@golang.org","published_at":"2023-02-28 18:15:00","updated_at":"2023-11-25 11:15:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202311-09","name":"https://security.gentoo.org/glsa/202311-09","refsource":"","tags":[],"title":"Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://go.dev/cl/468125","name":"https://go.dev/cl/468125","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://go.dev/issue/58001","name":"https://go.dev/issue/58001","refsource":"MISC","tags":[],"title":"crypto/tls: large handshake records may cause panics (CVE-2022-41724) · Issue #58001 · golang/go · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://pkg.go.dev/vuln/GO-2023-1570","name":"https://pkg.go.dev/vuln/GO-2023-1570","refsource":"MISC","tags":[],"title":"GO-2023-1570 - Go Packages","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E","name":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E","refsource":"MISC","tags":[],"title":"[security] Go 1.20.1 and Go 1.19.6 are released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-41724","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41724","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"41724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"41724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"1.20.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"41724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"1.20.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"41724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"1.20.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"41724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"1.20.0","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-41724","qid":"160699","title":"Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2023-3083)"},{"cve":"CVE-2022-41724","qid":"161061","title":"Oracle Enterprise Linux Security Update for skopeo (ELSA-2023-6363)"},{"cve":"CVE-2022-41724","qid":"161062","title":"Oracle Enterprise Linux Security Update for containernetworking-plugins (ELSA-2023-6402)"},{"cve":"CVE-2022-41724","qid":"161063","title":"Oracle Enterprise Linux Security Update for podman (ELSA-2023-6474)"},{"cve":"CVE-2022-41724","qid":"161105","title":"Oracle Enterprise Linux Security Update for buildah (ELSA-2023-6473)"},{"cve":"CVE-2022-41724","qid":"161114","title":"Oracle Enterprise Linux Security Update for runc (ELSA-2023-6380)"},{"cve":"CVE-2022-41724","qid":"161175","title":"Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-6939)"},{"cve":"CVE-2022-41724","qid":"161187","title":"Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-6938)"},{"cve":"CVE-2022-41724","qid":"183321","title":"Debian Security Update for golang-1.19 (CVE-2022-41724)"},{"cve":"CVE-2022-41724","qid":"199396","title":"Ubuntu Security Notification for Go Vulnerabilities (USN-6140-1)"},{"cve":"CVE-2022-41724","qid":"241473","title":"Red Hat Update for go-toolset:rhel8 (RHSA-2023:3083)"},{"cve":"CVE-2022-41724","qid":"241546","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)"},{"cve":"CVE-2022-41724","qid":"241562","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3303)"},{"cve":"CVE-2022-41724","qid":"241582","title":"Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3445)"},{"cve":"CVE-2022-41724","qid":"241623","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3366)"},{"cve":"CVE-2022-41724","qid":"241745","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)"},{"cve":"CVE-2022-41724","qid":"242287","title":"Red Hat Update for buildah (RHSA-2023:6473)"},{"cve":"CVE-2022-41724","qid":"242299","title":"Red Hat Update for containernetworking-plugins (RHSA-2023:6402)"},{"cve":"CVE-2022-41724","qid":"242301","title":"Red Hat Update for runc (RHSA-2023:6380)"},{"cve":"CVE-2022-41724","qid":"242319","title":"Red Hat Update for skopeo (RHSA-2023:6363)"},{"cve":"CVE-2022-41724","qid":"242335","title":"Red Hat Update for podman security (RHSA-2023:6474)"},{"cve":"CVE-2022-41724","qid":"242365","title":"Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5964)"},{"cve":"CVE-2022-41724","qid":"242415","title":"Red Hat Update for container-tools:rhel8 (RHSA-2023:6939)"},{"cve":"CVE-2022-41724","qid":"242458","title":"Red Hat Update for container-tools:4.0 (RHSA-2023:6938)"},{"cve":"CVE-2022-41724","qid":"354890","title":"Amazon Linux Security Advisory for golang : ALAS2-2023-2015"},{"cve":"CVE-2022-41724","qid":"354901","title":"Amazon Linux Security Advisory for golang : ALAS-2023-1731"},{"cve":"CVE-2022-41724","qid":"355216","title":"Amazon Linux Security Advisory for golang : ALAS2023-2023-175"},{"cve":"CVE-2022-41724","qid":"355697","title":"Amazon Linux Security Advisory for golang : ALAS2-2023-2163"},{"cve":"CVE-2022-41724","qid":"355797","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2023-026"},{"cve":"CVE-2022-41724","qid":"355837","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2023-029"},{"cve":"CVE-2022-41724","qid":"356304","title":"Amazon Linux Security Advisory for golang : ALASGOLANG1.19-2023-002"},{"cve":"CVE-2022-41724","qid":"379641","title":"Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)"},{"cve":"CVE-2022-41724","qid":"502861","title":"Alpine Linux Security Update for go"},{"cve":"CVE-2022-41724","qid":"503186","title":"Alpine Linux Security Update for go"},{"cve":"CVE-2022-41724","qid":"506079","title":"Alpine Linux Security Update for go"},{"cve":"CVE-2022-41724","qid":"672934","title":"EulerOS Security Update for golang (EulerOS-SA-2023-1822)"},{"cve":"CVE-2022-41724","qid":"672950","title":"EulerOS Security Update for golang (EulerOS-SA-2023-1804)"},{"cve":"CVE-2022-41724","qid":"673123","title":"EulerOS Security Update for golang (EulerOS-SA-2023-2292)"},{"cve":"CVE-2022-41724","qid":"673132","title":"EulerOS Security Update for golang (EulerOS-SA-2023-2268)"},{"cve":"CVE-2022-41724","qid":"691061","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for go (3d73e384-ad1f-11ed-983c-83fe35862e3a)"},{"cve":"CVE-2022-41724","qid":"710791","title":"Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)"},{"cve":"CVE-2022-41724","qid":"753772","title":"SUSE Enterprise Linux Security Update for go1.19 (SUSE-SU-2023:0733-1)"},{"cve":"CVE-2022-41724","qid":"753836","title":"SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2023:0869-1)"},{"cve":"CVE-2022-41724","qid":"753839","title":"SUSE Enterprise Linux Security Update for container-suseconnect (SUSE-SU-2023:0871-1)"},{"cve":"CVE-2022-41724","qid":"754047","title":"SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)"},{"cve":"CVE-2022-41724","qid":"770186","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:1325)"},{"cve":"CVE-2022-41724","qid":"770188","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3303)"},{"cve":"CVE-2022-41724","qid":"770189","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3366)"},{"cve":"CVE-2022-41724","qid":"770195","title":"Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3612)"},{"cve":"CVE-2022-41724","qid":"905638","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for gcc (13716)"},{"cve":"CVE-2022-41724","qid":"905639","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (13718)"},{"cve":"CVE-2022-41724","qid":"905644","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for gcc (13728)"},{"cve":"CVE-2022-41724","qid":"905649","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (13731)"},{"cve":"CVE-2022-41724","qid":"905650","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for msft-golang (13737)"},{"cve":"CVE-2022-41724","qid":"907045","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for msft-golang (13737-1)"},{"cve":"CVE-2022-41724","qid":"907354","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (13731-1)"},{"cve":"CVE-2022-41724","qid":"907743","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (13718-1)"},{"cve":"CVE-2022-41724","qid":"907793","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for golang (13731-2)"},{"cve":"CVE-2022-41724","qid":"941076","title":"AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2023:3083)"},{"cve":"CVE-2022-41724","qid":"941383","title":"AlmaLinux Security Update for containernetworking-plugins (ALSA-2023:6402)"},{"cve":"CVE-2022-41724","qid":"941386","title":"AlmaLinux Security Update for buildah (ALSA-2023:6473)"},{"cve":"CVE-2022-41724","qid":"941399","title":"AlmaLinux Security Update for podman (ALSA-2023:6474)"},{"cve":"CVE-2022-41724","qid":"941400","title":"AlmaLinux Security Update for runc (ALSA-2023:6380)"},{"cve":"CVE-2022-41724","qid":"941405","title":"AlmaLinux Security Update for skopeo (ALSA-2023:6363)"},{"cve":"CVE-2022-41724","qid":"941444","title":"AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:6938)"},{"cve":"CVE-2022-41724","qid":"941481","title":"AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:6939)"},{"cve":"CVE-2022-41724","qid":"960933","title":"Rocky Linux Security Update for go-toolset:Rocky (RLSA-2023:3083)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-41724","ASSIGNER":"security@golang.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Go standard library","product":{"product_data":[{"product_name":"crypto/tls","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"1.19.6"},{"version_affected":"<","version_name":"1.20.0-0","version_value":"1.20.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://go.dev/issue/58001","refsource":"MISC","name":"https://go.dev/issue/58001"},{"url":"https://go.dev/cl/468125","refsource":"MISC","name":"https://go.dev/cl/468125"},{"url":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E","refsource":"MISC","name":"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"},{"url":"https://pkg.go.dev/vuln/GO-2023-1570","refsource":"MISC","name":"https://pkg.go.dev/vuln/GO-2023-1570"}]},"credits":[{"lang":"en","value":"Marten Seemann"}]},"nvd":{"publishedDate":"2023-02-28 18:15:00","lastModifiedDate":"2023-11-25 11:15:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:1.20.0:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:1.20.0:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:1.20.0:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}