{"id":"GO-2021-0243","summary":"Panic on certain certificates in crypto/tls","details":"crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected.","aliases":["BIT-golang-2021-34558","CVE-2021-34558"],"modified":"2024-05-20T16:03:47Z","published":"2022-02-17T17:32:57Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0243","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://go.dev/cl/334031"},{"type":"FIX","url":"https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"},{"type":"REPORT","url":"https://go.dev/issue/47143"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.15.14"},{"introduced":"1.16.0-0"},{"fixed":"1.16.6"}]}],"ecosystem_specific":{"imports":[{"symbols":["rsaKeyAgreement.generateClientKeyExchange"],"path":"crypto/tls"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0243.json"}}],"schema_version":"1.7.3","credits":[{"name":"Imre Rad"}]}