CVE-2022-27536
First published: Wed Apr 20 2022(Updated: )
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Golang Go | >=1.18.0<1.18.1 | |
| Apple macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-27536.
What is the severity of CVE-2022-27536?
CVE-2022-27536 has a severity level of 7.5 (High).
What is the affected software for CVE-2022-27536?
The affected software for CVE-2022-27536 is Go 1.18.x before 1.18.1 on macOS.
How can this vulnerability be exploited?
This vulnerability can be exploited by a remote TLS server to cause a TLS client to panic.
Are there any fixes or patches available for CVE-2022-27536?
Yes, the fix for CVE-2022-27536 is available in Go 1.18.1.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/golang
- canonical/golang go
- version/golang go/1.18.0
- vendor/apple
- canonical/apple macos