{"id":"GO-2021-0223","summary":"Certificate verification error on Windows in crypto/x509","details":"On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in VerifyOptions.KeyUsages. This may allow a certificate to be used for an unintended purpose.","aliases":["BIT-golang-2020-14039","CVE-2020-14039"],"modified":"2024-05-20T16:03:47Z","published":"2022-02-17T17:46:03Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0223"},"references":[{"type":"FIX","url":"https://go.dev/cl/242597"},{"type":"FIX","url":"https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5"},{"type":"REPORT","url":"https://go.dev/issue/39360"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.13.13"},{"introduced":"1.14.0-0"},{"fixed":"1.14.5"}]}],"ecosystem_specific":{"imports":[{"symbols":["Certificate.systemVerify"],"goos":["windows"],"path":"crypto/x509"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0223.json"}}],"schema_version":"1.7.3","credits":[{"name":"Niall Newman"}]}