CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
golanggo
𝑥
< 1.6.4
golanggo
1.7 ≤
𝑥
< 1.7.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
zesty
dne
xenial
dne
trusty
dne
golang-1.6
zesty
not-affected
xenial
not-affected
trusty
dne
golang-1.7
zesty
not-affected
xenial
dne
trusty
dne
golang-1.8
zesty
not-affected
xenial
dne
trusty
dne
golang-1.9
zesty
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/golang/go/issues/18141
https://go-review.googlesource.com/c/33721/
https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
https://github.com/golang/go/issues/18141
https://go-review.googlesource.com/c/33721/
https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ