x/vulndb: potential Go vuln in crypto/x509: CVE-2024-45341 #3373

Closed
tatianab opened this issue Jan 7, 2025 · 1 comment

tatianab commented Jan 7, 2025

crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

A certificate with a URI which has an IPv6 address with a zone ID may
incorrectly satisfy a URI name constraint that applies to the certificate
chain.

Certificates containing URIs are not permitted in the web PKI, so this
only affects users of private PKIs which make use of URIs.

Thanks to Juho Forsén of Mattermost for reporting this issue.

This is CVE-2024-45341 and Go issue https://go.dev/issue/71156.

For golang/go#71156
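
As an added example (not part of the issue and not code from the Go project), a private-PKI operator could audit the URI names in issued certificates for IP-literal hosts, including IPv6 literals that carry a zone ID. It uses `netip.ParseAddr` because `net.ParseIP` returns nil for an address with a zone; the names `Finding`, `AuditURIs` and `mustParse` and the sample URIs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"net/url"
)

// Finding describes one URI whose host is an IP literal.
type Finding struct {
	Host, Zone      string // Zone is non-empty for a zoned IPv6 literal
	MissedByParseIP bool   // true when net.ParseIP does not see an IP here
}

// AuditURIs flags every URI whose host is an IP address, zoned or not; feed it cert.URIs.
func AuditURIs(uris []*url.URL) []Finding {
	var out []Finding
	for _, u := range uris {
		host := u.Hostname() // brackets and port removed
		addr, err := netip.ParseAddr(host)
		if err != nil {
			continue // a DNS name, not an IP literal
		}
		out = append(out, Finding{host, addr.Zone(), net.ParseIP(host) == nil})
	}
	return out
}

// mustParse is a hypothetical helper for the constructed samples below.
func mustParse(raw ...string) []*url.URL {
	var uris []*url.URL
	for _, r := range raw {
		u, err := url.Parse(r)
		if err != nil {
			panic(err)
		}
		uris = append(uris, u)
	}
	return uris
}

func main() {
	// Constructed sample URIs standing in for a certificate's URI SANs.
	uris := mustParse("https://svc.example.internal/a", "https://[2001:db8::1]/a", "https://[fe80::1%25eth0]/a")
	for _, f := range AuditURIs(uris) {
		fmt.Printf("host=%q zone=%q missedByParseIP=%v\n", f.Host, f.Zone, f.MissedByParseIP)
	}
}
```

Any finding with a non-empty `Zone` is a certificate worth reviewing against the URI name constraints of its issuing chain.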

@tatianab tatianab assigned neild and unassigned neild Jan 17, 2025
@tatianab tatianab changed the title x/vulndb: potential Go vuln in <placeholder>: CVE-2024-45341 x/vulndb: potential Go vuln in crypto/x509: CVE-2024-45341 Jan 27, 2025
@gopherbot

Change https://go.dev/cl/644855 mentions this issue: data/reports: add 5 reports
