CVE-2024-45341Improper Verification of Cryptographic Signature in Standard Library Crypto X509

CWE-347Improper Verification of Cryptographic Signature9 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 69.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GO Standard Library Crypto X509
Timeline
PublishedJan 28
Latest updateJun 18

Description

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

CVEListV5go_standard_library/crypto_x5091.23.0-01.23.5+2

🔴Vulnerability Details

5
OSV
golang-1.22 vulnerabilities2025-06-18
OSV
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x5092025-01-28
CVEList
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x5092025-01-28
GHSA
GHSA-3f6r-qh9c-x6mm: A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain2025-01-28
OSV
CVE-2024-45341: A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain2025-01-28

📋Vendor Advisories

3
Ubuntu
Go vulnerabilities2025-06-18
Red Hat
golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints2025-01-17
Debian
CVE-2024-45341: golang-1.15 - A certificate with a URI which has a IPv6 address with a zone ID may incorrectly...2024
CVE-2024-45341 — MEDIUM severity | cvebase