The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
References
https://golang.org/doc/devel/release#go1.15.minor
https://golang.org/doc/devel/release#go1.16.minor
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/
https://nvd.nist.gov/vuln/detail/CVE-2021-34558
https://security.gentoo.org/glsa/202208-02
https://security.netapp.com/advisory/ntap-20210813-0005/
https://www.cve.org/CVERecord?id=CVE-2021-34558
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-15T13:47:36

Updated: 2024-08-04T00:12:50.360Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34558

Vulnrichment

No data.

NVD

Status: Modified

Published: 2021-07-15T14:15:19.660

Modified: 2024-11-21T06:10:40.993

Link: CVE-2021-34558

Red Hat

Severity: Moderate

Public Date: 2021-07-13T00:00:00Z

Links: CVE-2021-34558 - Bugzilla