PT-2020-6057 · Google+4 · Go+4

Published: 2020-11-16 · Updated: 2024-06-15 · CVE-2020-28362

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.14.12
Go versions 1.15.x prior to 1.15.4

Description

The issue allows denial of service and is related to errors in the certificate authentication procedure. Exploitation can lead to a denial of service, potentially causing an agent crash for affected features. The vulnerability affects features that use TLS connections or client certificate authentication.

Recommendations

For Go versions prior to 1.14.12, update to version 1.14.12 or later. For Go versions 1.15.x prior to 1.15.4, update to version 1.15.4 or later. As a temporary workaround, consider restricting the use of TLS connections or client certificate authentication until a patch is available.

Fix

DoS

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3319
ALT-PU-2020-3334
ALT-PU-2020-3356
ALT-PU-2021-1456
AZL-79068
BDU:2021-02853
BIT-GOLANG-2020-28362
CESA-2020_5493
CESA-2021_0706
CVE-2020-28362
GO-2021-0069
OPENSUSE-SU-2020:2047-1
OPENSUSE-SU-2020:2067-1
OPENSUSE-SU-2020:2139-1
OPENSUSE-SU-2020_2047-1
OPENSUSE-SU-2020_2067-1
OPENSUSE-SU-2020_2139-1
OPENSUSE-SU-2024:10807-1
OPENSUSE-SU-2024:10808-1
RHSA-2020:5333
RHSA-2020:5493
RHSA-2020:5634
RHSA-2020_5493
RHSA-2021:0038
RHSA-2021:0145
RHSA-2021:0172
RHSA-2021:0706
RHSA-2021:0956
RHSA-2021:1366
RHSA-2021:1551
RHSA-2021:2042
RHSA-2021_0706
SUSE-SU-2020:3368-1
SUSE-SU-2020:3369-1
SUSE-SU-2020_3368-1
SUSE-SU-2020_3369-1

Affected Products

ALT Linux
CentOS
Go
Red Hat
SUSE