CVE-2014-7189 — GO vulnerability

CWE-2649 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 47.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Golang GO

Timeline

PublishedOct 7

Latest updateMay 25

Description

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgolang/go8 versions+7

🔴Vulnerability Details

OSV

Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls↗2022-05-25

▶

GHSA

GHSA-qj74-fm89-4g8f: crpyto/tls in Go 1↗2022-05-14

▶

CVEList

CVE-2014-7189: crpyto/tls in Go 1↗2014-10-07

▶

💬Community

Bugzilla

CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2 [epel-6]↗2014-09-29

▶

Bugzilla

CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2↗2014-09-29

▶

Bugzilla

CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2 [fedora-all]↗2014-09-29

▶

Bugzilla

CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2 [epel-7]↗2014-09-29

▶

Bugzilla

CVE-2014-4336 cups-filters: incomplete fix for CVE-2014-2707↗2014-04-25

▶