{"id":"CVE-2020-7919","details":"Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.","aliases":["BIT-golang-2020-7919","GHSA-cjjc-xp8v-855w","GO-2022-0229"],"modified":"2026-04-16T04:34:57.100910705Z","published":"2020-03-16T21:15:12.670Z","related":["CGA-7rj6-3wg2-w635"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21forum/golang-announce"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200327-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4848"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/golang/go","events":[{"introduced":"05e77d41914d247a1e7caf37d7125ccaa5a53505"},{"fixed":"4ce6a8e89668b87dce67e2f55802903d6eb9110a"},{"introduced":"cc8838d645b2b7026c1f3aaceb011775c5ca3a08"},{"fixed":"7d2473dc81c659fba3f3b83bc6e93ca5fe37a898"}],"database_specific":{"versions":[{"introduced":"1.12"},{"fixed":"1.12.6"},{"introduced":"1.13"},{"fixed":"1.13.7"}]}}],"versions":["go1.12","go1.12.1","go1.12.2","go1.12.3","go1.12.4","go1.12.5","go1.13","go1.13.3","go1.13.4","go1.13.5","go1.13.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7919.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}