CVE-2022-41724

Name
CVE-2022-41724
Description
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
NVD Severity
medium

References

Type  URI
MISC  https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
MISC  https://pkg.go.dev/vuln/GO-2023-1570
MISC  https://go.dev/cl/468125
MISC  https://go.dev/issue/58001

Match rules

CPE URI                                     Source package  Min version  Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*         go              >= None      < 1.19.6
cpe:2.3:a:golang:go:1.20.0:rc3:*:*:*:*:*:*  go              == None      == 1.20.0

Vulnerable and fixed packages

Source package  Branch  Version  Maintainer  Status