Fluid Attacks Database

Description

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	golang.org/x/crypto	>=0 <0.52.0	0.52.0
debian 11	golang-go.crypto	=1:0.0~git20201221.eec23a3-1 \|\| =1:0.0~git20210817.32db794-1 \|\| =1:0.0~git20211202.5770296-1 \|\| =1:0.0~git20220315.3147a52-1 \|\| =1:0.0~git20220829.c86fa9a-1 \|\| =1:0.0~git20220829.c86fa9a-1~bpo11+1 \|\| =1:0.1.0-1 \|\| =1:0.10.0-1 \|\| =1:0.12.0-1 \|\| =1:0.13.0-1 \|\| =1:0.14.0-1 \|\| =1:0.16.0-1 \|\| =1:0.17.0-1 \|\| =1:0.18.0-1 \|\| =1:0.19.0-1 \|\| =1:0.21.0-1 \|\| =1:0.22.0-1 \|\| =1:0.23.0-1 \|\| =1:0.24.0-1 \|\| =1:0.24.0-2 \|\| =1:0.25.0-1 \|\| =1:0.25.0-1~bpo12+1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.4.0-1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 12	golang-go.crypto	=1:0.10.0-1 \|\| =1:0.12.0-1 \|\| =1:0.13.0-1 \|\| =1:0.14.0-1 \|\| =1:0.16.0-1 \|\| =1:0.17.0-1 \|\| =1:0.18.0-1 \|\| =1:0.19.0-1 \|\| =1:0.21.0-1 \|\| =1:0.22.0-1 \|\| =1:0.23.0-1 \|\| =1:0.24.0-1 \|\| =1:0.24.0-2 \|\| =1:0.25.0-1 \|\| =1:0.25.0-1~bpo12+1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.4.0-1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 13	golang-go.crypto	=1:0.25.0-1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 14	golang-go.crypto	=1:0.25.0-1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| >=0 <1:0.52.0-1	1:0.52.0-1

Aliases

1. CVE-2026-425082. NVD-2026-425083. OSV-GO-2026-50214. OSV-2026-425085. OSV-DEBIAN-2026-425086. GCVE-2026-425087. SECURITY-TRACKER-CVE-2026-42508

References

1. https://go.dev/issue/795682. https://go.dev/cl/7812203. https://groups.google.com/g/golang-announce/c/a082jnz-LvI

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.