PT-2021-6078 · Go+6

Published: 2021-02-19 · Updated: 2025-09-29 · CVE-2021-34558

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Go versions through 1.16.5
Description: The issue arises from insufficient certificate validation in the crypto/tls package of the Go programming language and can be exploited by a remote attacker to cause a denial of service. Specifically, during an RSA-based key exchange, a malicious TLS server can make a TLS client panic by presenting an X.509 certificate whose public key type does not match the type the key exchange expects.
Recommendations: For versions through 1.16.5, consider updating to a version that properly asserts that the type of the public key in an X.509 certificate matches the expected type during a key exchange. As a temporary workaround, restrict the use of RSA-based key exchange until a patch is available. Additionally, be cautious when providing certificates, to avoid causing a panic in TLS clients. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
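As an added illustration of the defect described above (constructed example code, not code from the Go project or from this advisory), the block below builds one RSA-keyed and one ECDSA-keyed self-signed certificate, then shows the bare type assertion that panics on the mismatched key next to the comma-ok check that turns the same mismatch into an error a handshake can abort on. The certificate fixtures and the function names are assumptions of the example, not taken from the page.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// newCerts builds two constructed self-signed certificates: one RSA-keyed, one ECDSA-keyed (the mismatch case).
func newCerts() (rsaCert, ecCert *x509.Certificate) {
	check := func(err error) { // fixture errors are fatal on purpose; the interesting handling is below
		if err != nil {
			panic(err)
		}
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"}}
	sign := func(key crypto.Signer, err error) *x509.Certificate {
		check(err)
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
		check(err)
		cert, err := x509.ParseCertificate(der) // parsed exactly like a certificate received from a server
		check(err)
		return cert
	}
	return sign(rsa.GenerateKey(rand.Reader, 2048)), sign(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

// uncheckedRSAKey mirrors the vulnerable pattern: a bare type assertion panics when the key is not RSA.
func uncheckedRSAKey(cert *x509.Certificate) *rsa.PublicKey {
	return cert.PublicKey.(*rsa.PublicKey)
}

// checkedRSAKey is the hardened form: the comma-ok assertion turns the mismatch into an error the handshake can abort on.
func checkedRSAKey(cert *x509.Certificate) (*rsa.PublicKey, error) {
	if key, ok := cert.PublicKey.(*rsa.PublicKey); ok {
		return key, nil
	}
	return nil, fmt.Errorf("tls: server certificate key is %T, expected *rsa.PublicKey", cert.PublicKey)
}

func main() {
	_, ecCert := newCerts()
	fmt.Println(checkedRSAKey(ecCert)) // the unchecked form would panic here instead
}
```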

Weakness Enumeration: Improper Certificate Validation

Related Identifiers

ALSA-2021:4226
ALSA-2021_1796
ALSA-2021_4154
ALSA-2021_4156
ALSA-2021_4226
ALSA-2021_5160
ALSA-2022:7954
ALSA-2022_0001
ALSA-2022_7129
ALSA-2022_7954
ALSA-2022_7955
ALSA-2022_8008
ALSA-2023_0328
ALSA-2023_0446
ALSA-2023_2204
ALSA-2023_2357
ALSA-2023_2592
ALSA-2023_2780
ALSA-2023_2866
ALSA-2024_10289
ALSA-2024_11189
ALSA-2024_11238
ALSA-2024_1130
ALSA-2024_1131
ALSA-2024_1149
ALSA-2024_1150
ALSA-2024_2132
ALSA-2024_2160
ALSA-2024_2180
ALSA-2024_2193
ALSA-2024_2239
ALSA-2024_2245
ALSA-2024_2272
ALSA-2024_2952
ALSA-2025_16880
ALSA-2025_7256
ALT-PU-2021-1376
ALT-PU-2021-2210
ALT-PU-2021-2214
ALT-PU-2021-2220
ALT-PU-2022-1243
BDU:2022-00715
BIT-GOLANG-2021-34558
CESA-2021_3076
CESA-2021_4226
CESA-2024_2988
CVE-2021-34558
ELSA-2021-3076
ELSA-2021-4226
ELSA-2022-7954
ELSA-2024-2988
GO-2021-0243
INFSA-2024_2988
MGASA-2021-0369
MGASA-2023-0213
OESA-2021-1402
OESA-2025-1059
OPENSUSE-SU-2021:1078-1
OPENSUSE-SU-2021:1079-1
OPENSUSE-SU-2021:2392-1
OPENSUSE-SU-2021:2398-1
OPENSUSE-SU-2021_1078-1
OPENSUSE-SU-2021_1079-1
OPENSUSE-SU-2021_2392-1
OPENSUSE-SU-2021_2398-1
OPENSUSE-SU-2024:10808-1
OPENSUSE-SU-2024:10809-1
RHSA-2021:2984
RHSA-2021:3009
RHSA-2021:3015
RHSA-2021:3076
RHSA-2021:3248
RHSA-2021:3555
RHSA-2021:3820
RHSA-2021:4226
RHSA-2021:4722
RHSA-2021:5085
RHSA-2021_3076
RHSA-2021_4226
RHSA-2022:0237
RHSA-2022:0260
RHSA-2022:0988
RHSA-2022:0998
RHSA-2022:1329
RHSA-2022:7954
RHSA-2022_7954
RHSA-2024:2988
RHSA-2024_2988
RLSA-2021:3076
RLSA-2021:4226
RLSA-2021_3076
RLSA-2021_4226
RLSA-2024_2988
SUSE-SU-2021:2392-1
SUSE-SU-2021:2398-1
SUSE-SU-2021_2392-1
SUSE-SU-2021_2398-1

Affected Products

Alt Linux
Almalinux
Centos
Go
Red Hat
Rocky Linux
Suse