CVE-2020-14039
CVE-2020-14039
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.htmlhttps://groups.google.com/forum/#%21forum/golang-announcehttps://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2whttps://security.netapp.com/advisory/ntap-20200731-0005/https://www.oracle.com/security-alerts/cpuApr2021.html