First published: Tue Mar 05 2024(Updated: )
Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 package when verifying a certificate chain. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause Certificate.Verify to panic, and results in a denial of service condition.
Credit: security@golang.org security@golang.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/go | <1.21.8 | 1.21.8 |
redhat/go | <1.22.1 | 1.22.1 |
IBM Rational Team Concert | <=1.0.0 - 1.0.1 | |
debian/golang-1.15 | <=1.15.15-1~deb11u4 | |
debian/golang-1.19 | <=1.19.8-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-24784 is classified as a denial of service vulnerability which can lead to application crashes.
To fix CVE-2024-24784, update affected Go packages to the recommended versions, such as Go 1.21.8 or 1.22.1.
CVE-2024-24784 affects Go versions up to and including 1.21.7 and various other specific versions in the affected software.
Yes, CVE-2024-24784 can be exploited remotely by sending specially crafted requests to the vulnerable application.
CVE-2024-24784 can cause applications to panic during certificate chain verification, resulting in a denial of service.