CVE-2020-14039
17.07.2020, 16:15
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.Enginsight
| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.13.13 |
| golang | go | 1.14.0 ≤ 𝑥 < 1.14.5 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| golang |
| ||||||||||
| golang-1.10 |
| ||||||||||
| golang-1.11 |
| ||||||||||
| golang-1.12 |
| ||||||||||
| golang-1.13 |
| ||||||||||
| golang-1.14 |
| ||||||||||
| golang-1.15 |
| ||||||||||
| golang-1.6 |
| ||||||||||
| golang-1.8 |
| ||||||||||
| golang-1.9 |
|
Common Weakness Enumeration
References