CVE-2017-1000097

EUVD-2017-1401
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.6.4
golanggo
1.7 ≤
𝑥
< 1.7.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
trusty
dne
xenial
dne
zesty
dne
golang-1.6
trusty
dne
xenial
not-affected
zesty
not-affected
golang-1.7
trusty
dne
xenial
dne
zesty
not-affected
golang-1.8
trusty
dne
xenial
dne
zesty
not-affected
golang-1.9
trusty
dne
xenial
dne
zesty
dne
Common Weakness Enumeration
References
https://github.com/golang/go/issues/18141
https://go-review.googlesource.com/c/33721/
https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
https://github.com/golang/go/issues/18141
https://go-review.googlesource.com/c/33721/
https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ