Home > Vulnerability Database > CVE-2021-34558

Mend.io Vulnerability Database

CVE-2021-34558

Date: July 15, 2021

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Language: Go

Severity Score

6.5

Related Resources (36)

Url: https://groups.google.com/g/golang-announce

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/

Url: https://security.gentoo.org/glsa/202208-02

Url: https://go.dev/cl/334031

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/

Url: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/

Url: https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ

Url: https://golang.org/doc/devel/release#go1.16.minor

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/

Url: https://security-tracker.debian.org/tracker/CVE-2021-34558

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/

Url: https://security.alpinelinux.org/vuln/CVE-2021-34558

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-34558

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://go.dev/issue/47143

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34558

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/

Url: https://go.googlesource.com/go/+/a98589711da5e9d935e8d690cfca92892e86d557

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/

Url: https://security.netapp.com/advisory/ntap-20210813-0005/

Url: https://security.archlinux.org/CVE-2021-34558

Url: https://access.redhat.com/security/cve/CVE-2021-34558

Url: https://www.mend.io/vulnerability-database/CVE-2021-34558

Severity Score

6.5

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-34558

Date: July 15, 2021

Language: Go

Severity Score

Related Resources (36)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?