1. Home
  2. Vulnerabilities
  3. CVE-2022-41724

CVE-2022-41724

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.15 % (52th)
0.15% Progress
Affected Products 1
Advisories 39
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CVE Status
PUBLISHED
CNA
Go Project
Published Date
2023-02-28 18:15:10
(18 months ago)
Updated Date
2023-11-25 11:15:10
(9 months ago)

Affected Products

Golang

Configuration #1

    CPE23 From Up To
  Golang Go prior 1.19.6 version cpe:2.3:a:golang:go < 1.19.6
  Golang Go 1.20.0 cpe:2.3:a:golang:go:1.20.0:-
  Golang Go 1.20.0 Rc1 cpe:2.3:a:golang:go:1.20.0:rc1
  Golang Go 1.20.0 Rc2 cpe:2.3:a:golang:go:1.20.0:rc2
  Golang Go 1.20.0 Rc3 cpe:2.3:a:golang:go:1.20.0:rc3