Vulnerability Details :

CVE-2024-24783

Summary
Assigner: Go
Assigner Org ID: 1bb62c36-49e3-4200-9d77-64a1400537cc
Published At: 05 Mar, 2024 | 22:22
Updated At: 13 Feb, 2025 | 17:40

Verify panics on certificates with an unknown public key algorithm in crypto/x509

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: Go standard library
Product: crypto/x509
Collection URL: https://pkg.go.dev
Package Name: crypto/x509
Program Routines
  • Certificate.buildChains
  • Certificate.Verify
Default Status: unaffected
Versions
Affected
  • From 0 before 1.21.8 (semver)
  • From 1.22.0-0 before 1.22.1 (semver)
Problem Types
Type: N/A
CWE ID: N/A
Description: CWE-476: NULL Pointer Dereference
Credits

John Howard (Google)
References
Hyperlink: https://go.dev/issue/65390
Resource: N/A
Hyperlink: https://go.dev/cl/569339
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2598
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240329-0005/
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/08/4
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2. CVE Program Container
References
Hyperlink: https://go.dev/issue/65390
Resource: x_transferred
Hyperlink: https://go.dev/cl/569339
Resource: x_transferred
Hyperlink: https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Resource: x_transferred
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2598
Resource: x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240329-0005/
Resource: x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/08/4
Resource: x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: security@golang.org
Published At: 05 Mar, 2024 | 23:15
Updated At: 15 Apr, 2026 | 00:35

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Weaknesses
CWE ID: CWE-476
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
References
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/08/4
Source: security@golang.org
Resource: N/A
Hyperlink: https://go.dev/cl/569339
Source: security@golang.org
Resource: N/A
Hyperlink: https://go.dev/issue/65390
Source: security@golang.org
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Source: security@golang.org
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2598
Source: security@golang.org
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240329-0005/
Source: security@golang.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/08/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://go.dev/cl/569339
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://go.dev/issue/65390
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2598
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240329-0005/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
