CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24783 – Verify panics on certificates with an unknown public key algorithm in crypto/x509
https://notcve.org/view.php?id=CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. La verificación de una cadena de certificados que contiene un certificado con un algoritmo de clave pública desconocido provocará que Certificate.Verify entre en pánico. Esto afecta a todos los clientes cripto/tls y a los servidores que configuran Config.ClientAuth en VerifyClientCertIfGiven o RequireAndVerifyClientCert. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 • CWE-400: Uncontrolled Resource Consumption •