CVE-2020-14039

Reference Links

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
• https://groups.google.com/forum/#!forum/golang-announce
• https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
• https://security.netapp.com/advisory/ntap-20200731-0005/
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/185443
• https://www.ibm.com/support/pages/node/6403463 (Advisory)
• https://groups.google.com/forum/#%21forum/golang-announce
• https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w

Parent vulnerabilities

(Appears in the following advisories)

• IBM-6403463

Frequently Asked Questions

• What is CVE-2020-14039?

  CVE-2020-14039 is a vulnerability in Go versions before 1.13.13 and 1.14.x before 1.14.5 that allows a remote attacker to bypass security restrictions by exploiting improper validation on the VerifyOptions.KeyUsages EKU requirements during X.509 certificate verification.

• What is the severity of CVE-2020-14039?

  CVE-2020-14039 has a severity rating of medium with a CVSS score of 5.3.

• How does CVE-2020-14039 impact Go?

  CVE-2020-14039 could allow a remote attacker to gain access to the system by bypassing security restrictions in Go.

• What versions of Go are affected by CVE-2020-14039?

  Go versions before 1.13.13 and 1.14.x before 1.14.5 are affected by CVE-2020-14039.

• How can I fix CVE-2020-14039?

  To fix CVE-2020-14039, update to Go version 1.13.13 or upgrade to Go version 1.14.5 or later.