CVE-2017-1000097

EPSS 0.18%

Mishandled trust preferences for root certificates on Darwin in crypto/x509

發布日:2022/5/24修改日:2024/6/3

描述

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

受影響套件(1)

Go/stdlibfrom 0, < 1.6.4, >= 1.7.0-0, < 1.7.4

參考連結(3)

PATCHhttps://go.googlesource.com/go/+/7e5b2e0ec144d5f5b2923a7d5db0b9143f79a35a
REPORThttps://go.dev/issue/18141
WEBhttps://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ