CVE-2020-7919
published 2020-03-16

Priority: P3 | 39 | high | 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 2.58% (83.3rd percentile)

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | debian_linux | |
fedoraproject | fedora | |
github.com | helm_helm | >= 2.0.0 < 2.16.8 | 2.16.8
golang.org | x_crypto | >= 0 < 0.0.0-20200124225646-8b5121be2f68 | 0.0.0-20200124225646-8b5121be2f68
golang | go | >= 1.12 < 1.12.6 | 1.12.6
golang | go | >= 1.13 < 1.13.7 | 1.13.7
helm.sh | helm_v3 | >= 3.0.0 < 3.1.0 | 3.1.0

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C
ghsa | | 7.5 | HIGH |
osv | | 7.5 | HIGH |
vendor_redhat | | 7.5 | HIGH |