Home > Vulnerability Database > CVE-2022-41724

Mend.io Vulnerability Database

CVE-2022-41724

Good to know:

Date: February 28, 2023

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Language: Go

Severity Score

5.5

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41724

Url: https://access.redhat.com/security/cve/CVE-2022-41724

Url: https://go.dev/issue/58001

Url: https://pkg.go.dev/vuln/GO-2023-1570

Url: https://go.dev/cl/468125

Url: https://security.gentoo.org/glsa/202311-09

Url: https://osv.dev/vulnerability/GO-2023-1570

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-41724

Url: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E

Url: https://security-tracker.debian.org/tracker/CVE-2022-41724

Url: https://www.mend.io/vulnerability-database/CVE-2022-41724

Severity Score

5.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version v1.19.6,v1.20.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41724

Good to know:

Date: February 28, 2023

Language: Go

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?