Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
Overview
Source
ID
GO-2022-0229
Aliases
BIT-golang-2020-7919
CVE-2020-7919
GHSA-cjjc-xp8v-855w
Affected package
Description
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.
Summary
Total packages affected: 24.75k
Packages with at least one version that is affected by the advisory or has an affected dependency.
Packages with a known fix: 4.67k
Packages with versions affected by the advisory that have a greater version that is not affected.
Total ecosystem affected: 1.85%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.0.0-20200124225646-8b5121be2f68
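A check for the fixed version above, as an added example (not part of the advisory or of the Go project's tooling): it reads a go.mod and reports whether the required golang.org/x/crypto pseudo-version predates the fix. The function names and the sample go.mod are constructed for illustration; the check covers only the module version, not the crypto/x509 standard-library side or the 32-bit condition.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Timestamp of the fixed pseudo-version listed in the advisory.
const fixedStamp = "20200124225646"

// Constructed sample go.mod; the module name and commit hash are made up.
const sampleGoMod = `module example.com/app

require (
	golang.org/x/crypto v0.0.0-20190308221718-000000000000 // indirect
)
`

// affected reports whether a golang.org/x/crypto version predates the fix.
func affected(version string) (bool, error) {
	v := strings.TrimPrefix(version, "v")
	if !strings.HasPrefix(v, "0.0.0-") {
		return false, nil // assumption: tagged releases sort after the fix
	}
	stamp, _, ok := strings.Cut(strings.TrimPrefix(v, "0.0.0-"), "-")
	if !ok || len(stamp) != 14 || strings.Trim(stamp, "0123456789") != "" {
		return false, fmt.Errorf("unrecognised pseudo-version %q", version)
	}
	return stamp < fixedStamp, nil // fixed-width digits: string order = time order
}

// cryptoVersion returns the golang.org/x/crypto requirement found in go.mod text.
func cryptoVersion(goMod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(f) >= 2 && f[0] == "golang.org/x/crypto" && strings.HasPrefix(f[1], "v") {
			return f[1], true
		}
	}
	return "", false
}

func main() {
	v, _ := cryptoVersion(sampleGoMod)
	bad, err := affected(v)
	fmt.Println(v, "affected:", bad, "err:", err)
}
```

The version required in go.mod can differ from the one the build actually selects; `go list -m golang.org/x/crypto` reports the resolved version to feed into the same comparison.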