CVE-2020-7919

HIGH7.5EPSS 0.70%

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

發布日:2021/6/23修改日:2026/2/4

描述

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.

受影響套件(6)

Bitnami/golang>= 1.12.0, < 1.12.6, >= 1.13.0, < 1.13.7
Go/github.com/helm/helm>= 2.0.0, < 2.16.8
Go/golang.org/x/cryptofrom 0, < 0.0.0-20200124225646-8b5121be2f68
Go/golang.org/x/cryptofrom 0, < 0.0.0-20200124225646-8b5121be2f68
Go/helm.sh/helm/v3>= 3.0.0, < 3.1.0
Go/stdlibfrom 0, < 1.12.16, >= 1.13.0-0, < 1.13.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

描述

受影響套件(6)

CVSS 分數

參考連結(21)