← Volver a CVEs

CVE-2022-41724

HIGH

7.5

Descripcion

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado2/28/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

golang:go

Debilidades (CWE)

CWE-400

Referencias

https://go.dev/cl/468125(security@golang.org)

https://go.dev/issue/58001(security@golang.org)

https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E(security@golang.org)

https://pkg.go.dev/vuln/GO-2023-1570(security@golang.org)

https://security.gentoo.org/glsa/202311-09(security@golang.org)

https://go.dev/cl/468125(af854a3a-2127-422b-91ae-364da2661108)

https://go.dev/issue/58001(af854a3a-2127-422b-91ae-364da2661108)

https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E(af854a3a-2127-422b-91ae-364da2661108)

https://pkg.go.dev/vuln/GO-2023-1570(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/202311-09(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.