Home > Vulnerability Database > CVE-2024-45341

Mend.io Vulnerability Database

CVE-2024-45341

Date: January 27, 2025

GO Security Advisory - crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs. This is fixed in Go 1.23.5 and Go 1.22.11.

Severity Score

6.1

Related Resources (9)

Url: https://go.dev/cl/643099

Url: https://security.netapp.com/advisory/ntap-20250221-0004/

Url: https://pkg.go.dev/vuln/GO-2025-3373

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45341

Url: https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ

Url: https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ

Url: https://seclists.org/oss-sec/2025/q1/28

Url: https://go.dev/issue/71156

Url: https://www.mend.io/vulnerability-database/CVE-2024-45341

Severity Score

6.1

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45341

Date: January 27, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?