First published: Fri Jul 17 2020
Go could allow a remote attacker to bypass security restrictions because of improper validation of the VerifyOptions.KeyUsages EKU requirements during X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Golang Go | <1.13.13 | |
Golang Go | >=1.14.0, <1.14.5 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
IBM Security Guardium Insights | <=2.0.2 | |
CVE-2020-14039 is a vulnerability in Go versions before 1.13.13 and 1.14.x before 1.14.5 that allows a remote attacker to bypass security restrictions by exploiting improper validation on the VerifyOptions.KeyUsages EKU requirements during X.509 certificate verification.
CVE-2020-14039 has a severity rating of medium with a CVSS score of 5.3.
CVE-2020-14039 could allow a remote attacker to gain access to the system by bypassing security restrictions in Go.
Go versions before 1.13.13 and 1.14.x before 1.14.5 are affected by CVE-2020-14039.
To fix CVE-2020-14039, update to Go version 1.13.13 or upgrade to Go version 1.14.5 or later.
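As an added example (not code from this advisory or from the Go project), the Go program below shows the requirement that VerifyOptions.KeyUsages expresses: a certificate issued only for client authentication must be rejected where server authentication is required. The helper names `selfSigned` and `verifyFor` are hypothetical, and the certificate is constructed at run time and pinned as its own trust anchor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned (hypothetical helper) builds a constructed test certificate listing only the given EKUs.
func selfSigned(cn string, eku ...x509.ExtKeyUsage) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, ExtKeyUsage: eku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// verifyFor (hypothetical helper) runs Verify for one EKU, then also requires cert to list that EKU itself.
func verifyFor(cert *x509.Certificate, pinned *x509.CertPool, want x509.ExtKeyUsage) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: pinned, KeyUsages: []x509.ExtKeyUsage{want}})
	for _, u := range cert.ExtKeyUsage { // stricter than Verify: an empty EKU list is not accepted
		if u == want {
			return err
		}
	}
	return fmt.Errorf("certificate does not list EKU %d (verifier said: %v)", want, err)
}

func main() {
	cert, pool := selfSigned("constructed client-only cert", x509.ExtKeyUsageClientAuth), x509.NewCertPool()
	pool.AddCert(cert)
	fmt.Println("as server:", verifyFor(cert, pool, x509.ExtKeyUsageServerAuth)) // non-nil error
	fmt.Println("as client:", verifyFor(cert, pool, x509.ExtKeyUsageClientAuth)) // <nil>
}
```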