FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| c365536d-e3cf-11eb-9d8d-b37b683944c2 | go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
The Go project reports:
crypto/tls clients can panic when provided a certificate of
the wrong type for the negotiated parameters. net/http clients
performing HTTPS requests are also affected. The panic can be
triggered by an attacker in a privileged network position
without access to the server certificate's private key, as
long as a trusted ECDSA or Ed25519 certificate for the server
exists (or can be issued), or the client is configured with
Config.InsecureSkipVerify. Clients that disable all TLS_RSA
cipher suites (that is, TLS 1.0âÂÂ1.2 cipher suites without
ECDHE), as well as TLS 1.3-only clients, are unaffected.
Discovery 2021-07-07
Entry 2021-07-12
go
< 1.16.6,1
CVE-2021-34558
https://github.com/golang/go/issues/47143
|