Fluid Attacks Database

Description

Mishandled trust preferences for root certificates on Darwin in crypto/x509 On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	stdlib	>=0 <1.6.4	1.6.4
rpm rhel7	golang	-	-

Aliases

1. CVE-2017-10000972. NVD-2017-10000973. OSV-GO-2022-01714. OSV-2017-10000975. GCVE-2017-1000097

References

1. https://go.googlesource.com/go/+/7e5b2e0ec144d5f5b2923a7d5db0b9143f79a35a2. https://go.dev/issue/181413. https://groups.google.com/g/golang-dev/c/4NdLzS8sls8/m/uIz8QlnIBQAJ

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.