← volver
CVE-2020-14039

CVE-2020-14039

EPSS 1.8%
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.htmlhttps://groups.google.com/forum/#%21forum/golang-announcehttps://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2whttps://security.netapp.com/advisory/ntap-20200731-0005/https://www.oracle.com/security-alerts/cpuApr2021.html