Open mend-bolt-for-github[bot] opened 9 months ago
github.com/google/certificate-transparency-go-v1.0.10
Auditing for TLS certificates (Go code)
Library home page: https://proxy.golang.org/github.com/google/certificate-transparency-go/@v/v1.0.10.zip
Dependency Hierarchy: - :x: **github.com/google/certificate-transparency-go-v1.0.10** (Vulnerable Library)
CFSSL: Cloudflare's PKI and TLS toolkit
Dependency Hierarchy: - :x: **github.com/cloudflare/cfssl-1.3.2** (Vulnerable Library)
Found in HEAD commit: cd87321da747fd23c6285641b10b0432943dfed6
Found in base branch: master
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Publish Date: 2022-04-20
URL: CVE-2022-27536
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27536
Release Date: 2022-04-20
Fix Resolution: go1.18.1
Step up your Open Source Security Game with Mend here
CVE-2022-27536 - High Severity Vulnerability
Vulnerable Libraries - github.com/google/certificate-transparency-go-v1.0.10, github.com/cloudflare/cfssl-1.3.2
github.com/google/certificate-transparency-go-v1.0.10
Auditing for TLS certificates (Go code)
Library home page: https://proxy.golang.org/github.com/google/certificate-transparency-go/@v/v1.0.10.zip
Dependency Hierarchy: - :x: **github.com/google/certificate-transparency-go-v1.0.10** (Vulnerable Library)
github.com/cloudflare/cfssl-1.3.2
CFSSL: Cloudflare's PKI and TLS toolkit
Dependency Hierarchy: - :x: **github.com/cloudflare/cfssl-1.3.2** (Vulnerable Library)
Found in HEAD commit: cd87321da747fd23c6285641b10b0432943dfed6
Found in base branch: master
Vulnerability Details
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Publish Date: 2022-04-20
URL: CVE-2022-27536
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27536
Release Date: 2022-04-20
Fix Resolution: go1.18.1
Step up your Open Source Security Game with Mend here