Note:
This project will be discontinued after December 13, 2021. [more]
2020-07-17
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
| Products | Go, Leap |
| Type | Improper Certificate Validation (CWE-295) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.netapp.com/advisory/ntap-20200731-0005/
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html • https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w • https://www.oracle.com/security-alerts/cpuApr2021.html • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html |