CVE-2020-7919

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-7919

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-7919
https://github.com/advisories/GHSA-cjjc-xp8v-855w
https://pkg.go.dev/vuln/GO-2022-0229
https://groups.google.com/forum/#%21forum/golang-announce
https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA
https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://security.netapp.com/advisory/ntap-20200327-0001/
https://www.debian.org/security/2021/dsa-4848

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2020-7919

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company